 |
|
|
| INFORMATION |
| Published : |
Dec 13, 2005 |
| Length : |
16 |
| Type : |
White Paper |
|
| |
|
|
| Overview : |
|
Use of instant messaging applications-like AOL Instant Messenger, Yahoo! Messenger, MSN Messenger and ICQ-and peer-to-peer applications has grown significantly. Although the benefits of real-time communication offer a productivity benefit to corporate environments, instant messaging and peer-to-peer applications add significant vulnerabilities and risks to an enterprise's security posture. New security risks include bandwidth misuse, additional vectors for virus and worm attacks, the ability to transfer files and the ability to take control of other machines. Download this white paper to learn more. |
|
 |
|
| |
| View All Items By This Company |
| Browse Related Categories : |
Anti Spam, Anti Spyware, Anti Virus, Bandwidth Management, Email Security, Employee Performance, IT Management, Internet Security, Intrusion Detection, Intrusion Prevention, Patch Management, Policy Based Management, Productivity, Secure Instant Messaging, Security Management, Security Policies, Software Compliance |
|
|
|
|
|
Use of instant messaging applications-like AOL Instant Messenger, Yahoo! Messenger, MSN Messenger and ICQ- and peer-to-peer applications has grown significantly. Although the benefits of real-time communication offer a productivity benefit to corporate environments, instant messaging and peer-to-peer applications add significant vulnerabilities and risks to an enterprise's security posture. New security risks include bandwidth misuse, additional vectors for virus and worm attacks, the ability to transfer files and the ability to take control of other machines. For additional information regarding risks involved with instant messaging and peer-to-peer applications, view the Internet Security Systems (ISS) whitepaper, Risk Exposure Through Instant Messaging and Peer-To-Peer (P2P) Networks.
This paper identifies the techniques that can help businesses block, control and tailor the use of instant messaging applications and peer-to-peer applications with Internet Security Systems' Proventia Intrusion Prevention Appliances.
Overview
The appropriate instant messaging and peer-to-peer events are described in the following sections, which include a short description of what each event consists of. Detailed step-by-step instructions that describe how to enable in-line blocking for peer-to-peer and instant messaging events using the Proventia Intrusion Prevention Appliances are also included.
The events in this document are categorized in two groups: Instant messaging (IM) events and peer-to-peer events. In ISS' SiteProtector cent ralized management system, events may be grouped and located in different areas of the configuration menu based on the type of event. Events can also be located under the IM, File Sharing and Audits categories, as well as under the X-Press Update (XPU) tab.
There are five common steps to enable protection from instant messaging and peer-to-peer threats in the Proventia Intrusion Prevention Appliance:
1. Enable In-Line Blocking mode
2. Create a new blocking policy in the Proventia Intrusion Prevention Appliance
3. Enable the desired event to block
4. Assign the appropriate blocking response (i.e., drop connection with reset)
5. Set the appropriate priority for the events selected
6. Apply the policy
Important note: As with any signature, Internet Security Systems always monitors real-world events and customer feedback to determine if an event is generating false positive or false negative instances. Some signatures may display these anomalies. Descriptions of these instances can be seen in the event help window which is displayed when selecting an event. Events marked with an asterisk ( * ) throughout this document are known to have false positive/negative instances and should be reviewed in your environment before implementing. Enabling Simulation mode in Proventia Intrusion Prevention Appliances allows for the testing of new policies prior to implementing them.
Instant Messaging Events
AOL Instant Messenger (AIM)
AOL Instant Messenger (AIM) has had several security-related issues, including a buffer overflow in the game request parsing engine, which was reported on January 2, 2002 by Internet Security Systems. This issue included a certain type of specially-crafted game request that could be made to an AIM user causing an area in memory to be overwritten with arbitrary data supplied by an attacker. This data could then be coerced into executing on the remote user's computer, thus enabling an attacker to take control. AOL has patched this bug, but this is not the first vulnerability to affect AIM. These security threats are becoming more prevalent as the code for these clients become more complex.
The events in the section below allow administrators to tailor how AIM is used on their enterprise's network. Administrators can completely block the use of AIM or tailor a policy which would allow its use but not allow file transfers or encrypted dialogue. Internet Security Systems recommends blocking of all exploit events.
MSN Messenger
MSN Messenger (also known as .NET Messenger and Windows Messenger) is the fastest growing instant messaging service. Much of this growth is a result of Microsoft automatically shipping MSN Messenger with Windows XP, as well as the integration of MSN Messenger with Microsoft Office and Microsoft's Hotmail service.
The events in this section allow administrators to block the use of MSN Messenger on the network. Internet Security Systems will add additional events specific to MSN Messenger in the future as they become available.
Yahoo! Messenger
Yahoo! Messenger has the weakest security features of the major instant messaging platforms. Its protocol does not encrypt usernames and passwords, making it risky to even log into the system.
|
|
|
|
 |
|
