-
Russell Mickler, Principal Consultant, has over 17 years of professional experience leading and managing IT organizations.
Looking at the IM Threat
Written on August 21, 2006
Leave a Comment
|
Battle Ground Chamber of Commerce
THE THREAT OF IM
Prepared by Russell Mickler, CISSP MCSE
Principal Consultant, Mickler & Associates, Inc.
© 2006. All Rights Reserved.
About the Author:
Russell Mickler works a technology consultant in Battle Ground, WA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, and a Masters Degree in Information Technology. His website can be found at www.micklerandassociates.com and he can be contacted at 360.600.9508; mickler@micklerandassociates.com.
Not sure what IM is? Instant Messaging (IM) is big. IM is facilitated by products like Yahoo! Messenger, AOL Instant Messenger, and MSN Instant Messenger. A recent study by the Gartner Group in 2005 identified instant messaging as surpassing email as the primary way people interact electronically; more than 85% of all enterprises report using IM for business. Chances are your employees use IM products every day for personal and professional correspondence.
Unfortunately, the market is moving so fast in adopting IM that security mechanisms to protect your network haven’t caught up. IM is a complicated threat to the confidentiality, integrity, and availability of your company’s information system because of what it is: IM is an application that allows direct access to a computer. IM not only provides a way to exchange text messages, but it can also be used to share files, transmit screenshots, and even take over your computer.
Furthermore, IM can provide an easy backdoor for worms and viruses to infect a PC.
IM bypasses the safeguards introduced by your firewall – piggy-backing on traffic reserved for your Internet browser – which makes it easy to use but difficult to filter out. IM also bypasses the security of your anti-virus software which is programmed to look only at files and email, not instant messages, as a potential threat. In fact, Symantec – the manufacturer of Norton Anti-Virus software – claimed that IM and peer-to-peer applications were in seven of the top 10 threats to corporations in 2004; they also IM identified that threats are growing at 100-percent every six months. And that was just in 2004.
This kind of exposure can concern anyone with intellectual property but even more so regulated industries (medical, financial firms, education, pharmaceutical, and law) who may take great care to monitor inappropriate conversation by email but are totally missing IM.
Ideas for handling IM in the work place:
1. Block it. The most effective way – albeit the most painful for end users – is blocking instant messaging on your firewall or proxy server to deny its use on your network.
2. Remove it. Also effective but very painful, removing the applications and preventing their installation on client workstations.
3. Encrypt it. If IM must be used, make sure to encrypt the traffic – this is usually an option in the IM client software. Also check the vendor’s website on how to secure the IM client software for corporate use.
4. Upgrade it. Upgrade the IM client software to the latest version. IM software vendors like Microsoft address these vulnerabilities as soon as they can. In fact, there is a new and more secure version to Microsoft’s MSN IM at http://get.live.com/messenger/overview.
5. Audit it. Make sure the IM client software is not set to share the contents of your computer’s hard drive or network drives.
6. Set a policy on IM. Management can take ownership of this issue by placing a policy over IM use in the workplace.
7. Keep your antivirus product up-to-date. New features to handle instant messaging vulnerabilities are being introduced in the next year.
Instant messaging represents a new frontier in securing the corporate network. It is popular and easy to use; users can casually download and install it at will. However, there’s a threat in such convenience – it is also the area most likely area to see an attack from an outside party. A few good precautions may be able to contain liability and spare you a few headaches in the long term.