TMCnet News

Instant Messaging: Instant Exploitations
[May 04, 2006]



Grey Consulting
 
In the early 2000s, a grassroots movement drove public network instant messaging (IM) into the enterprise. Informal IM-driven business networks matured, as IM joined email to become a transport for B2B and B2C business.



Yet, many businesses have neglected to apply the “lessons learned” in managing insecure email to insecure IM – they choose the ostrich approach. Six years later, IM is mainstreaming, and businesses are taking their heads out of the sand.

The Security Trap


Email has been hackers’ favored method for introducing malicious code into an organization. Hackers are now also targeting IM as a vector for malicious code.

IM’s real-time nature can mean real-time security breaches. Exploited IM is particularly insidious.

Depending upon the IM provider, a newly arrived IM will open on your screen. Should the IM contain malicious code, your computer has just been compromised.

Public network IM “display names” may not indicate the identity of the person sending the IM. As a result, human curiosity causes the recipient to accept an IM from a “stranger.”

One of the deadliest forms of security breach is introduced into the organization by a zero-hour attack, that is, the spread of malicious code for which there is not yet a fix. When carried over IM, such attacks become zero-hour, real-time attacks.

Figure 1: The Security Trap:
 
Source: Grey Consulting, April 2006
 
Multiple Points of Entry

Each public network IM system, e.g., AIM, MSN Messenger or Yahoo! Messenger, enters the enterprise using its own default firewall port, much as SMTP email transactions use port 25 and Web HTTP transactions use port 80.

Unlike SMTP and HTTP, if the IM transaction’s default port is blocked, the IM transaction will try a different firewall port that is open. Firewalls have about 65,000 ports.

Figure 2: Multiple Points of Entry:
 
Source: Grey Consulting, April 2006
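One way to spot the port fallback described above in firewall logs, as an added example that is not part of the original column: it flags a client whose connection to an IM default port was denied and who then reached the same destination on a different port shortly afterwards. The log format, the addresses, the 60-second window and the default-port table (AIM 5190, MSN Messenger 1863, Yahoo! Messenger 5050) are assumptions of the example.

```python
from datetime import datetime, timedelta

# Commonly documented default client ports (assumption of this example, not from the column).
IM_DEFAULT_PORTS = {5190: "AIM", 1863: "MSN Messenger", 5050: "Yahoo! Messenger"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed firewall log, sorted by time: time, action, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2006-05-04T09:00:01 DENY 10.0.0.15 192.0.2.10 5190
2006-05-04T09:00:03 ALLOW 10.0.0.15 192.0.2.10 80
2006-05-04T09:00:20 ALLOW 10.0.0.22 198.51.100.7 80
2006-05-04T09:01:00 DENY 10.0.0.31 203.0.113.5 1863
2006-05-04T09:05:00 ALLOW 10.0.0.31 203.0.113.5 443
2006-05-04T09:06:00 DENY 10.0.0.40 192.0.2.99 5050
2006-05-04T09:06:02 ALLOW 10.0.0.40 198.51.100.7 80
"""

def parse(line):
    ts, action, src, dst, port = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(port)

def find_port_fallback(log_text, window=WINDOW):
    """Return findings where a denied IM-port connection is followed, within
    `window`, by an allowed connection from the same source to the same
    destination on a port that is not an IM default port."""
    denied = {}    # (src, dst) -> (time, IM network) of the latest denied attempt
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, port = parse(line)
        key = (src, dst)
        if action == "DENY" and port in IM_DEFAULT_PORTS:
            denied[key] = (ts, IM_DEFAULT_PORTS[port])
        elif action == "ALLOW" and key in denied:
            denied_at, network = denied.pop(key)
            if ts - denied_at <= window and port not in IM_DEFAULT_PORTS:
                findings.append({"src": src, "dst": dst, "network": network,
                                 "fallback_port": port})
    return findings

if __name__ == "__main__":
    for finding in find_port_fallback(SAMPLE_LOG):
        print(finding)
```

A client that falls back to a different server address is not caught by this same-destination rule, so port-based correlation complements, rather than replaces, the protocol-aware IM security products discussed below.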
 
It’s Not Just Instant Messaging

Over the last two years, Voice over Internet Protocol (VoIP) has become a staple within public network IM, joining file transfer and chat. Webcam video is increasingly being integrated into public IM networks.

Messaging security breaches are no longer the sole domain of email. Each new e-communication medium becomes a potential new vector – ripe for exploitation.

What You Need to Do Now

Secure IM with the same diligence as you do email.

If you have no protection in place, evaluate IM security and management applications. Point products include Akonix, Facetime and IMlogic (acquired by Symantec). Many infrastructure and business applications integrate IM security and management functionality acquired through one of the point-product vendors.

If you are considering the implementation of enterprise instant messaging (EIM), e.g., IBM Lotus Sametime or Microsoft Live Communications Server, evaluate the methods by which EIMs secure public network IM traffic.

If you are investigating an email server or collaborative application (e.g., Web conferencing or social networking) that allows the use of public network IM, evaluate the methods by which they secure that traffic.

Evaluate the flexibility and extensibility of the IM security and management applications. For example, assess the degree to which reporting and monitoring fit within your technology infrastructure. Technology policies should be flexible enough to align to business policies. Beyond IM, which e-communication media are (or will be) managed?

------

Maurene Caplan Grey is the Founder, Principal Analyst of Grey Consulting. Prior to starting an independent firm, she was Gartner’s lead analyst on messaging, calendaring/scheduling and human communications. Earlier, she headed United Parcel Service’s global messaging environment. With over 20 years in the IT space, Grey is recognized within the IT corporate and vendor community as a subject matter expert. She has been widely quoted in print and broadcast media, such as the Associated Press, CNN, Forbes, The New York Times, Reuters and The Wall Street Journal.

Grey is a TMCnet columnist and frequent contributor to New Communications Review, Collaboration Loop and MessagingTalk.
