IM security risk

Do you monitor or pay attention to employees using self installed versions of Instant messanger service (yahoo, AIM, msn).

Quote:

---

Some IT managers are concerned that IM can send files that are not virus-checked past corporate firewalls , creating a threat to network security

---

For example normally AIM runs on port 5190, but the last corporation I worked at had it blocked so I simply made one quick change (edited to port 80) and presto it worked. I was able to receive file transfers and everything. Sophos didnt even think twice about scanning it. Should your company have a policy on policing this? Heads up for sys admins.

you can find more here

Most corp's (i know mine does) usually forbid IM Clients...
Not only is it a security risk, it is seen as distraction, blah blah blah, etc…

Some companies see IM as a good investment (it’s cheap communications)… although in that case the will buy an AIM lookalike “suited for business”, lol …

btw- there are virii/worms esp. coded for IM clients...

First of all, I dont give them the permissions to install anything. Second, you can buy a lot of tools for scanning all content going through a proxy server. An example is GFI DownloadSecurity which scans all FTP and HTTP traffic. http://www.gfi.com/dsec/index.html

Quote:

---

btw- there are virii/worms esp. coded for IM clients...

---

How do these get sent or replicate? and what do they do, I havent seen any. Perhaps that is because i have everything up to date?

As far as not allowing people, what about said persons that bring their own computer in? Or contractors? I am not sure if you allow either but whether your computer gets on the domain or not it could still be a virus/security threat right?


Edit: what about your sales guys, do they have laptops? are they allowed to install apps? Just curious

The IM worms are pretty lame, and only work by user error…

http://www.newsfactor.com/perl/story/16355.html
http://news.com.com/2100-1001-837556.html
http://online.securityfocus.com/news/331

Just a few links…

All they do is infect the machine, and then IM every one on buddy list asking them to accept the Direct Connect, claiming stuff like “Cool Game” or “Download Me”…

I know of at least one government agency that blackholes all of the IP ranges for the IM services. And when they start seeing new IM traffic to new IP blocks, they blackhole those too. It's pretty effective, regardless of the ports you use.

Another good way for user's to get around what ever firewall, etc.. the admin may be using... java applet IM clients that run from a server... I know of at least one (for AOL AIM) http://toc.oscar.aol.com/tic.html ?

Quote:

---

Originally posted here by tampabay420
Most corp's (i know mine does) usually forbid IM Clients...
Not only is it a security risk, it is seen as distraction, blah blah blah, etc…

---

That is what we do where I work - I know what software is on the PC's that I am in charge of, and I continually monitor those PC's to see if anything has been installed that is against company policy.. Further, our firewall is setup to not allow any of that traffic through (at least on their default ports anyway - there are ways around this)... We don't want our users using any IM clients for any purpose...

Quote:

---

Some companies see IM as a good investment (it’s cheap communications)… although in that case the will buy an AIM lookalike “suited for business”, lol …

---

Very true - here is an article from eWeek that discusses how some corporations are turning to IM for a legitimate business purpose..

http://www.eweek.com/article2/0,3959,768018,00.asp

Also, I'm going to throw in another link here - it's also from eWeek and it lists a bunch of other articles related to IM and it's use in business..

http://www.eweek.com/search_results/...=im&site=eWEEK

There is also icq2go.. wich runs in your browser. Indeed, they might be a security issue. Anyway, there are some ways you can stop your nice employees that think they will get away with it.. proxies, and stuff. You may also not allow them to run stuff from their home directories (I don't know how to do it in windows, but in linux, a noexec on /home partition would be enough).
I think the worst problem here would be distraction. Nevertheless, virus dissemination is an issue, and you should be aware of it. But who allowed them to use IM? Tell them off. :D . Serious. If your politcs doesn't include allowing people to use im, so, they shouldn't be using. You could think about some explanation on this subject, before starting punishment.
Let's now think on what would be the positive points of allowing the use of im instead of prohibiting.. like some have already said, it is an effective and inexpensive way of communication. It's much cheaper to send a PDF than a fax from Brazil to Japan, for instance.

We don't block IM systems but discourage their use - for this reason they are particularly popular. It's a real problem around the time that new upgrades come out too because everyone downloads them and hogs the bandwidth. But that's not the real problem I've found with IM. The problem with IM (IMHO) is that users see them as chatter and easily disclose information you'd probably rather they didn't. Also that the audit trail is often easy to capture, so often I've been able to pick up users conversations - which are often of an adult content - for several months past. This is a legal concern when allegations of harassment or bullying are raised.

Rachel

Ok I'm no big admin, I just run a coyote box with a bunch of computers on a switch. But I have noticed that AOL has an "enterprise" edition of their aim. Here's the link: http://www.aim.com/get_aim/enterprise/enterprise.adp

and a basic copy paste of their site (for those who would not view the link otherwise):

-------------------------------------------

Updated 4 November 2002


New! Enterprise AIM Services

Enterprise AIM Services Drive Business Value
The majority of interactions in the workplace are quick exchanges of information such as updates, questions, and escalations. Using the power of presence and real-time communications, Enterprise AIM Services enable employees to immediately learn the availability status of a colleague and benefit from fast, highly valued "virtual hallway conversations" wherever and whenever they are needed. These quick and coordinated exchanges also increase opportunities for collaboration and boost employee connectivity.

Enterprise AIM Services Address Key Enterprise Requirements:


+Control to restrict use of instant messaging by all or part of the employee population
+Security to guarantee the identity of users and compatibility with existing virus checking
software
+Centralized management to maintain consistent user identities across corporate
communication tools
+Logging and auditing services to copy and store messages to and from all or select users for
subsequent auditing by keyword patterns, date ranges, and names
+Reliability to ensure dependable, continuous service

AIM Enterprise Gateway
Now available, AIM Enterprise Gateway increases the value and manageability of AIM for organizations. Deployed onsite, AIM Enterprise Gateway acts as a proxy between users inside the corporate firewall and those on the public AIM network, enabling enterprises to manage and control employee usage of AIM services. AIM Enterprise Gateway provides Identity Management Services that enable administrators to control access, routing, and permissions. AIM Enterprise Gateway also features Archive and Audit Services that monitor AIM usage, log and audit messages, and create reports.

Optional features include Private Domain Services that allow an enterprise to create friendly Screen Names that follow the structure: [email protected] and Federated Authentication that enables an enterprise to manage user Screen Names from the corporate directory.

AIM
The AIM Enterprise Gateway supports AIM on the desktop. AIM features high ease of use and other well-known AIM features including privacy controls, file transfer, custom away messages and preference settings. It enables enterprise users to communicate with employees inside an enterprise or with partners and customers outside the organization. When deployed with AIM Enterprise Gateway, messages between employees are automatically routed locally rather than sent over the IM network. This ensures that AIM conversations within the enterprise stay behind the corporate firewall. With combined wireless support through partnerships with wireless carriers, mobile employees can also use their wireless devices that support SMS (Short Messaging Service), WAP (Wireless Application Protocol) or embedded clients to connect with AIM.



AIM Enterprise Gateway enables Administrators to set
permissions at the enterprise, group or user level.

Unfortunately, they're not really all that easy to block. AIM is one of the worst. It will scan for a way out. If it can't get out on its normal port, it will try another and another until it does. I've gotten it to work going out port 23, 22 and just about anything else that's open through the firewall. You can block those ports and force the use of a proxy, but it may make some folks very unhappy.

I'm looking at control, rather than flat-out denial. Two things I'm considering are:
1. Yahoo! IM Enterprise Edition - I can bring the Yahoo! IM in-house, and allow portals to the outside. This includes controls over content and to whom the users can talk.
2. Exchange 2k now has a chat feature. It won't give them outside chat facilities, but it will give them the ability to use chat as a production tool. Then they won't have the legitimacy to claim they actually need it for work.

-- Director