-
IM applications create no greater holes than nearly any other client software (web browser, email client, etc.). In fact, using a good content-proxying firewall, your IM applications can lose minimal functionality (loss of file transfer ability) and be more secure than other clients like email or web browsers, as these deal with a wider range of content types and locking them down to essentially text only would render them more or less useless.
However, on a theoretical level... to the best of my knowledge there are no provably secure IM clients, so with all things being equal, they will introduce new security issues.
catch
-
While reading through this thread my original intent was to direct this question to breakology, but after reading the rest, I believe I should ask all.
What about the recent attempts to tunnel the instant messenger services through a common port, such as port 80? How do you deal with this? How are you detecting it?
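One way to approach the detection question above, as an added example that is not from any poster in this thread: a small Python classifier that looks at the first bytes of each outbound flow and flags port-80 traffic that is not a well-formed HTTP request, including the OSCAR FLAP framing AIM uses (the 0x2A header check assumes standard FLAP framing; the flow records and addresses are constructed).

```python
import re
import struct

# Constructed sample records: (src, dst, dst_port, first bytes of the TCP payload),
# as a proxy or IDS sensor would see them. Not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.7", "203.0.113.20", 80, b"*\x01\x00\x01\x00\x04\x00\x00\x00\x01"),    # FLAP on port 80
    ("10.0.0.9", "203.0.113.30", 5190, b"*\x01\x00\x01\x00\x04\x00\x00\x00\x01"),  # FLAP on native port
    ("10.0.0.11", "203.0.113.40", 80, b"\x16\x03\x01\x00\x2f\x01\x00"),            # TLS record on 80
]

HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n")
AIM_PORTS = {5190, 4443}  # the ports named later in this thread


def is_flap_frame(payload):
    """True if payload starts with a well-formed OSCAR FLAP header:
    0x2A marker, channel 1..5, 16-bit sequence, 16-bit length equal to the body size."""
    if len(payload) < 6 or payload[0] != 0x2A:
        return False
    channel, _seq, length = struct.unpack(">BHH", payload[1:6])
    return 1 <= channel <= 5 and length == len(payload) - 6


def classify_flow(dst_port, payload):
    """Label a flow: plain HTTP, AIM on its own port, AIM tunneled over 80, or other non-HTTP on 80."""
    if dst_port in AIM_PORTS:
        return "aim-native-port"
    if dst_port == 80:
        if HTTP_REQUEST_LINE.match(payload):
            return "http"
        if is_flap_frame(payload):
            return "aim-tunneled-on-80"
        return "non-http-on-80"
    return "other"


def find_im_flows(flows):
    """Return (src, dst, port, verdict) for every flow worth an analyst's attention."""
    alerts = []
    for src, dst, port, payload in flows:
        verdict = classify_flow(port, payload)
        if verdict not in ("http", "other"):
            alerts.append((src, dst, port, verdict))
    return alerts


if __name__ == "__main__":
    for alert in find_im_flows(SAMPLE_FLOWS):
        print(alert)
```

A real deployment would feed this from a proxy log or packet capture and treat the "non-http-on-80" bucket as a triage queue, since TLS on port 80 and other tunnels land there too.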
-
The main problem with instant message progs is that the data you are sending is not encrypted; anyone stealing packets coming out of your network can read everything you include in the message. I know AOL IM uses TCP ports 5190 and 4443; if you want to prevent AOL IM, I'd disable those ports.
I've also read something on forced file download through IM, if it's not configured right.
-
Quote:
Originally posted here by Fallow Undertow
The main problem with instant message progs is that the data you are sending is not encrypted; anyone stealing packets coming out of your network can read everything you include in the message. I know AOL IM uses TCP ports 5190 and 4443; if you want to prevent AOL IM, I'd disable those ports.
I've also read something on forced file download through IM, if it's not configured right.
Two things:
1. Several IM clients (like AIM) do support encryption.
2. Encryption is a bad thing from a security standpoint as it makes the users less accountable to the system custodians. Plain text data is more secure than the phone as it is more auditable.
catch
-
Let me add one point that may be overlooked. It's not necessarily the application that causes the most harm here but the intelligence of the average user of that application. (hint, hint)
It is not good practice under any circumstances to have IM ports open on your firewall, but as stated before, if you lock everything down enough.... I still don't like it. Sorry, I would say no to any user. But then again, that's just me. ;)
my 2 cents.
-
Sorry if this is a little off topic for this thread, but I was wondering what people's thoughts are on Microsoft's NetMeeting. We have a few requests to open our firewall to allow NetMeeting through to the internet. We have dug in our heels and said no to this point, but I would like some other opinions on the risks associated with NetMeeting.
Thanks
Cheers:
-
Security risks and M$ products....hmmm....let me think, synonymous? You be the judge.
-
I wouldn't open NetMeeting out to the internet if I had a choice. MS and security don't really go together. Unless I have proof that NetMeeting is really secure, then I would consider it. Unless they have a really good reason to open the ports for NetMeeting, I wouldn't allow it. If they really need NetMeeting to connect to the internet, then set up a DMZ and a system to allow them to do that with nothing on that system except what they need. Also explain the risks to them and get them to acknowledge and accept that they will bear the risks associated.
-
You can "assume" there will be security threats with any P2P client or instant messaging clients. What you can do, however, is lock out much of the vulnerability at the firewall. Also, you install and configure IM for your users. Create a local policy that will not allow them to make changes to the configuration. There are methodical ways to prevent IM from being a risk, but your best course of action will 'begin' at the user level. It has proven successful in our company to bring in end users in groups to a scheduled meeting, toss around some statistics and tell some stories to instill awe, and then let them know "how they can be an active influence to keep hackers out of our network".
-
Well, if you don't want to get infected, just turn off the network... keep it a closed-circuit network... no internet connection. E-mails can be stored on a server PC that is connected to the internet, checked, then forwarded to the recipients,
who will only have certain ports open. This will make the LAN "almost" impermeable, but it will also limit its usefulness since e-mail will take more time to get to recipients, & so on.
But it will surely be as secure as possible. You can even limit the HDD of machines; then they can be scanned every 6H with an AV ("I think this will be costly").
Plus you can take out all the CDs & FDDs & USBs from the terminals; this will protect it internally. Just have a PC with these on the network if someone needs to get progs from CDs
or FDDs... make it a shareable PC, like printers on LANs. Also let every, like, 20 terminals have 1 FDD- & CD-enabled PC, which will be supervised by security personnel.
This could be a little extreme, but it does the job.
This way no one from inside or outside can take out the data undetected.
But it keeps one problem: the people who are using them. They can be tricked into giving out info to people who must not have it.
This is a problem that could be solved by seminars & so on.
But as was said before, there will be a "rat" who won't obey the rules.
But with no direct connection it is possible to avoid this problem.
The question is how far you are ready to go.