Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: IM security risk

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741

    Post IM security risk

    Do you monitor or pay attention to employees using self installed versions of Instant messanger service (yahoo, AIM, msn).

    Some IT managers are concerned that IM can send files that are not virus-checked past corporate firewalls , creating a threat to network security
    For example normally AIM runs on port 5190, but the last corporation I worked at had it blocked so I simply made one quick change (edited to port 80) and presto it worked. I was able to receive file transfers and everything. Sophos didnt even think twice about scanning it. Should your company have a policy on policing this? Heads up for sys admins.

    you can find more here
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Most corp's (i know mine does) usually forbid IM Clients...
    Not only is it a security risk, it is seen as distraction, blah blah blah, etc…

    Some companies see IM as a good investment (it’s cheap communications)… although in that case the will buy an AIM lookalike “suited for business”, lol …

    btw- there are virii/worms esp. coded for IM clients...
    yeah, I\'m gonna need that by friday...

  3. #3
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    First of all, I dont give them the permissions to install anything. Second, you can buy a lot of tools for scanning all content going through a proxy server. An example is GFI DownloadSecurity which scans all FTP and HTTP traffic. http://www.gfi.com/dsec/index.html
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  4. #4
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    btw- there are virii/worms esp. coded for IM clients...
    How do these get sent or replicate? and what do they do, I havent seen any. Perhaps that is because i have everything up to date?

    As far as not allowing people, what about said persons that bring their own computer in? Or contractors? I am not sure if you allow either but whether your computer gets on the domain or not it could still be a virus/security threat right?


    Edit: what about your sales guys, do they have laptops? are they allowed to install apps? Just curious
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  5. #5
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    The IM worms are pretty lame, and only work by user error…

    http://www.newsfactor.com/perl/story/16355.html
    http://news.com.com/2100-1001-837556.html
    http://online.securityfocus.com/news/331

    Just a few links…

    All they do is infect the machine, and then IM every one on buddy list asking them to accept the Direct Connect, claiming stuff like “Cool Game” or “Download Me”…
    yeah, I\'m gonna need that by friday...

  6. #6
    I know of at least one government agency that blackholes all of the IP ranges for the IM services. And when they start seeing new IM traffic to new IP blocks, they blackhole those too. It's pretty effective, regardless of the ports you use.

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Another good way for user's to get around what ever firewall, etc.. the admin may be using... java applet IM clients that run from a server... I know of at least one (for AOL AIM) http://toc.oscar.aol.com/tic.html ?
    yeah, I\'m gonna need that by friday...

  8. #8
    Originally posted here by tampabay420
    Most corp's (i know mine does) usually forbid IM Clients...
    Not only is it a security risk, it is seen as distraction, blah blah blah, etc…
    That is what we do where I work - I know what software is on the PC's that I am in charge of, and I continually monitor those PC's to see if anything has been installed that is against company policy.. Further, our firewall is setup to not allow any of that traffic through (at least on their default ports anyway - there are ways around this)... We don't want our users using any IM clients for any purpose...


    Some companies see IM as a good investment (it’s cheap communications)… although in that case the will buy an AIM lookalike “suited for business”, lol …
    Very true - here is an article from eWeek that discusses how some corporations are turning to IM for a legitimate business purpose..

    http://www.eweek.com/article2/0,3959,768018,00.asp

    Also, I'm going to throw in another link here - it's also from eWeek and it lists a bunch of other articles related to IM and it's use in business..

    http://www.eweek.com/search_results/...=im&site=eWEEK
    - Maverick

  9. #9
    There is also icq2go.. wich runs in your browser. Indeed, they might be a security issue. Anyway, there are some ways you can stop your nice employees that think they will get away with it.. proxies, and stuff. You may also not allow them to run stuff from their home directories (I don't know how to do it in windows, but in linux, a noexec on /home partition would be enough).
    I think the worst problem here would be distraction. Nevertheless, virus dissemination is an issue, and you should be aware of it. But who allowed them to use IM? Tell them off. . Serious. If your politcs doesn't include allowing people to use im, so, they shouldn't be using. You could think about some explanation on this subject, before starting punishment.
    Let's now think on what would be the positive points of allowing the use of im instead of prohibiting.. like some have already said, it is an effective and inexpensive way of communication. It's much cheaper to send a PDF than a fax from Brazil to Japan, for instance.

    Found in a diary:
    \".... and yes, since i am a l337 hax0r, i am also using vi to write this. ^[[D^[[B^ exit ^X^C quit :x :wq dang it :w:w:w :x ^C^C^Z^D\"

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    103
    We don't block IM systems but discourage their use - for this reason they are particularly popular. It's a real problem around the time that new upgrades come out too because everyone downloads them and hogs the bandwidth. But that's not the real problem I've found with IM. The problem with IM (IMHO) is that users see them as chatter and easily disclose information you'd probably rather they didn't. Also that the audit trail is often easy to capture, so often I've been able to pick up users conversations - which are often of an adult content - for several months past. This is a legal concern when allegations of harassment or bullying are raised.

    Rachel
    668 - the neighbor of the beast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •