Securing IM

Printable View

May 21st, 2005, 01:04 AM
waytallgel

Securing IM

Heya folks, once again I have a question for yall. So recently I've been put in charge of finding a program to secure our IM chat and transfers with some sort of encryption or something. We also would like the ability to log all conversations. The company wants to stick with using MSN messenger because they don't want everyone to have to get used to another messenger program. Anyway, I was going to use Network Twister from www.networktwister.com. However, whenever I install it on a server and get it up and running it seems to take up all the spare processing time. On a server with 2 processors it just takes all the processing time on one. I've tried disabling McAfee but that didn't seem to make a difference. This is on a win2k3 server fully patched. Oh, there's also an error that comes with it. I'll attach the txt file with the contents copied in. I've also tried starting the service as administrator, which made no difference either.

So anyone have any idea what's going on? If not, anyone have any ideas on a different program I should try out? Anyway, it will probably be Monday before I can check the site again so thanks in advance.

Thanks,
Greg
May 21st, 2005, 03:47 AM
zENGER

Just curious on how they expect you to implement that piece of software. It looks like a server piece that you connect to, with the MSN client? If thats the case the MSN client only talks in clear text as far as I know. You said that you want to continue to use this client because of the ease of use and the fact that everyone is used to it, but this might be a bad idea being that the client itself isn't that secure. I personally suggest jabber. Its an open source IM type deal. There are many clients that connect to a jabber server, and you can setup gateways where the connected clients can talk to MSN/Yahoo/etc services from their one client. Client to server communication is encrypted, although if you leave your own network and goto one of the major ones like MSN or such it will of course be in clear text as this is what their service accepts.
May 23rd, 2005, 04:12 AM
wildred

I am not too sure about the encryption part, but what I recently implemented was Microsoft Office Live Communications Server 2005 which works well with SQL to log the conversations. As for encryption, I will look further into that. The "downside" with the switch is cost, and a slighty new UI. Instead of using MSN messenger, you will have to switch to Windows Messenger. They are VERY similar. You will need the latest version of Windows Messenger as well to support the SIP connection. It was fairly easy to setup as well. Just my 2cents.

As an added note, you said you have a 2k3 server fully patched...does this include SP1? If so, is Network Twister compatible with SP1? Do you need to make any changes in the SP1 firewall? Can't say I have used it before, but those are some things to look at. Best wishes.

Links for LiveServer and Windows Messenger:

http://snipurl.com/alo8

http://snipurl.com/b2n6

Edit: Looks like you CAN do encryption...sorry its late at night and I forgot about this feature....just came back from Alaska too :)

http://snipurl.com/f2p7
May 23rd, 2005, 07:16 AM
robakam

Have you looked at this:
http://www.secway.fr/products/all.php?PARAM=us

"Simp Pro secures your MSN, Yahoo!, ICQ and AOL instant messenger clients.
For corporate environments and more demanding users, SimpPro encrypts and authenticates messages as well as file transfers (MSN Messenger only), making it the most comprehensive instant messenger security add-on.
It is also easily administered using GPOs."
May 23rd, 2005, 02:52 PM
kr5kernel

Gaim ( the opensource version of AIM) has the ability to use an SSL plugin. I know you said you didn't want to really switch from MSN, but it might be something to check out:

http://gaim.sourceforge.net/faq-ssl.php

<edit>

Gaim will also work with MSN and jabber over SSL

</edit>
May 23rd, 2005, 03:29 PM
yoelma

Actually, Im a network administrator for a network of about 70 users. I had an issue of securing IM at first, and I also wanted to log all conversations and make my users only use AOL instant messenger. I found a new program which was released in february to the market called IM Manager by IMlogic. Its really really amazing, i've been using it for a couple of months and I got absolutely no problems at all. Now, i have all the conversations logged, everybody uses AIM, im blocking certain file extenstions from being sent or received, i block messages with certain keywords to be sent, i actually caught one of employees leaking confidential information, as I had a keyword monitored so the prgram prompt me with it, and he was fired. An incident happened to a company lately which I cant remember its name, but they got infected by a virus over IM and lost over 1000 computers and they had to pay around $350 to fix every computer. If they had used IM Manager by that time, they would have saved $350000. The program is not expensive at all and very easy to set up. If you have any more questions, please dont hesitate to ask. Regards.
May 23rd, 2005, 03:47 PM
wildred

Dont forget folks, this guy/girl wants to stick with messenger (MS).
May 23rd, 2005, 04:43 PM
yoelma

yeah...IM Manager integrates all these clients like MSN, yahoo, AIM, ICQ, jabber, ..etc
So he can choose just to operate MSN if he wants.
May 23rd, 2005, 05:10 PM
kr5kernel

Sounds like that company coudl have saved $350,000 by purchasing anti-virus or having better security policies in place to begin with.

Anywho, check out Gaim, liek I said it works with MSN, and it has the lowest cost around....free.
May 23rd, 2005, 05:24 PM
waytallgel

Cool, thanks for all the advice folks, think I'm going to take a look at SimpPro. They seem to have some cheaper pricing too. Now I just gotta see if I can find a Trial version to experiment with. I think I'll take a loot at IM manager too, I don't see a trial version for them either. Oh well, will see if they will send me one along with a quote for pricing.

Thanks again,
Greg
May 23rd, 2005, 05:26 PM
yoelma

I agree that gaim is a really good program but I really dont think its what greg is looking for.
The company I talked about was hit with a new virus which even the latest antivirus software could not detect, it was spread through IM, and what I was trying to say is that IM Manager wouldn't have allowed it to spread to Reuters network. Check out the article about it on http://www.wallstreetandtech.com/sho...leID=160901619

So, if this situation happened again, IM Manager would stop it, my question is will Gaim stop it from hitting the network?
May 23rd, 2005, 06:13 PM
kr5kernel

<quote>The IM with key exchange provides you the most secured conversation by first negotiating a secret key with the SILC Key Exchange protocol. The SILC Gaim includes a NAT detector, and as long as one of you are not behind NAT you will be able to negotiate the keys automatically. </quote>

According to SILC, if the garbage was coming from outside a firewall, it looks like it wouldn't be accepted, unless someone from the outside had the key and established the connection first.

I would guess this would limit the amount of unsecure communciation and random worm im'ing, at least in theory.
May 24th, 2005, 03:06 PM
yoelma

anyways, Greg, you can go to www.imlogic.com to find out more about IM Manager.
They have a free program on the website called IM detector pro..you run it on your network and it gives you a summary of the IM traffic on your network, like number of messages sent, received, file transfers sent or received, and so on..
Good luck!
May 24th, 2005, 09:46 PM
okay

Or you can just sniff the packets using Ethereal.

Honestly, I don't understand what the guy in this thread is trying to say, so if someone could clarify, I would be appreciative.

As for IM Manager, why dish out any cash for something that can be easily restricted by an administrator through file permissions and security policies.
May 24th, 2005, 11:42 PM
waytallgel

Okay,
The first goal I am trying to accomplish is to encrypt the text that is sent from IM, MSN Messenger in specific. I believe one of the things IM Manager does(along with some of the others listed) is sets up software on a server on the network that the MSN clients use to go to instead of a xxx.msgr.hotmail.com or whatever MSN uses out there on the internet. So, you point the clients to this server. (via DNS or Hosts file, I think there's another way too, but don't remember what it was off the top of my head.) Use that and the encryption software I think they provide (still have to go through the demo with them) and people shouldn't be able to sniff the packets and get anything useful using Ethereal. I don't think this can be done using file permissions and security policies. These software packages provide many other services that I will probably utilize but my main goal was securing the data that was discussed across IM Chat.

Thanks for the help,
Greg
May 25th, 2005, 12:00 AM
okay

Why not just use SSL and not pay for an overpriced piece of software?

My statement regarding security policies and file permissions was regarding an IM worm that yoelma was talking about. There are ways to stop worms, viruses, and other wrongfully intent software from doing havoc that don't include a firewall and anti-virus program.

Is it me or does it seem as if two people in this thread were the same person?
May 25th, 2005, 12:34 AM
waytallgel

ahh, I see, yeah I'm not too worried about viruses/malware, as there are policies in place and AV, firewalls, etc... However as far as getting MSN messenger to use SSL I must admit that I'm not sure how I would accomplish this. So, I'm going to google for a while on it and see what I find out. If you have any links Okay pointing me in the right direction I would appreciate it.

Thanks,
Greg