Does anyone know of any IM security holes that could potentially be a thread to a network?
I don't need any flames, yes I have checked google, and I am searching everywhere......I'm just wondering if anyone here remembers any off the top of their head.
Any help would be appreciated
March 1st, 2002, 06:41 PM
Maybe it's just me, but what kind of 'network' are we talking about? (LAN, WAN, NT, Novell)
March 1st, 2002, 06:48 PM
I am convinced that they are a security issue waiting to happen...I just need something concrete to show my manager before disabling the ports :)
March 1st, 2002, 06:50 PM
Are you talking about a WAN going into a LAN? Like blocking ports of your LAN from being accessed by the WAN?
March 1st, 2002, 06:54 PM
Need more input
You might want to give a little more info about your setup. Telling us that you have a WAN full of hole is nice, but without specifics you aren't going to get very far. :D :D :D
March 1st, 2002, 06:57 PM
Get your hands on something like NMAP. Scan your entry point (hopefully a firewall) for the open ports. Armed with that knowledge, go to Mr Google and do a search for exploits related to those ports. Print that Info. and give it to your manager suggesting, if the open ports are not required to do business, then they should be shutdown because of the risks.
March 1st, 2002, 07:03 PM
k41d3r07h> Make sure you specify IM security holes in your message also. I normally don't look back at the subject to remember what I am reading about. Looking at your message made it look like you were just asking for any security holes, not IM related holes.
What IM are you using. There are holes in just about all of them, but they do get patched quite often. Also, an improperly configured client, or a user that is easy to social engineer, can cause even bigger holes within your network.
March 1st, 2002, 07:10 PM
I see your point souleman...I just noticed my first message and didn't mention security holes in IMs specifically...........I will edit that
I'm actually looking at all of them.
I know people are using ICQ, AIM and M$Messenger.
I know of many holes that come out....but I need good REASON to disallow their use.
As in, "Hello Manager, These programs are a threat to xxxxx corp. because of yyyyy. Hence I think we should discontinue the staff's ability to use such programs"
March 1st, 2002, 07:17 PM
Find out if your HR department gets "Best Practices in HR" Issue 705 (Jan. 3,2001) issue has am article about why you shouldn't use IM in a business. IT doesn't go into a lot of details, but it does talk about Privacy risks, Information risks, and Virus risks. It includes things like the fact that getting a file via IM doesn't go through a virus checker, so unless it is exlicitly checked, the user may install a virus before (s)he knows what hit them.
March 1st, 2002, 07:28 PM
Sorry man, I too didn't know you were talking about Instant Messaging systems. These days, these systems are very popular for spreading a bunch of nasty Viruses and Trojan's. If your Manager/Company is not concerned about these risks, they should be.
In addition, here are a couple of links you may want your manager to checkout: