Ask The Security Expert: Questions & Answers

How to selectively block instant messages

Expert response from: Michael Cobb, featured expert

QUESTION POSED ON: 12 July 2006
How do I selectively block IM clients within my gateway?



Unfortunately, trying to block IM using a basic gateway firewall is very time-consuming, and you are unlikely to achieve more than limited success as many IM applications are designed to bypass firewall security. Although IM and P2P applications typically use a well-publicized port, many have the capability to exploit any open port on a firewall (port crawling). This would allow them to tunnel out through port 80, for example, which needs to be open for HTTP traffic. Once wrapped inside HTTP, IM traffic is virtually indistinguishable from regular Web traffic. AOL's AIM, for example, can communicate on many commonly used ports, such as 80 and 21 (FTP). This means blocking an IM application's default port doesn't work.

IM protocols are constantly evolving to deliver new and more advanced features. Firewall protocol signatures do not get updated at the same time, so the synchronous nature of real-time connections means that many firewalls cannot cope with inspecting and analyzing communication traffic without dramatically impacting a network's performance.

Another problem is that IM network providers have their own unique set of IP addresses that their clients connect to, and these IP addresses change frequently or at random. Because of these changes, you do not know which IP addresses to set the firewall to block.

If you need to monitor and control IM traffic across an entire network, consider using an application layer firewall, such as Cisco's IOS Firewall, which controls the traffic to and from a user-defined list of Instant Messaging Server hostnames. You can also try a gateway specifically tuned to detect IM and P2P use, such as FaceTime Communications Inc.'s IM Guardian RTG500 network appliance (www.facetime.com/solutions/security.aspx) or Akonix Systems Inc.'s L7 Enterprise, a software proxy gateway that allows you to secure and control access to public IM. To learn more visit www.akonix.com/. These products allow you to set access-control policies, enforce encryption, limit who can communicate with whom and require a minimum client version and standardized screen names. If you want to reduce impersonators and IM spam, you can use a standardized naming convention for IM handles that contains your organization's name. You should also ensure that network users choose a different IM account password to their network one, and let them know that password or account information will never be requested over IM by your IT department.

If you simply want to limit who can contact you via IM, most IM programs will let you create a contact list or "buddy list." A buddy list is similar to an email program's address book. You can block incoming messages from those not on your contact list or restrict who can add you to their list. Some applications, like Cerulean Studios' Trillian chat client, for example, use encryption. You may want to consider using encrypted programs if available.

More Information:

  • Learn how to secure instant messaging in the enterprise.
  • Learn three tips for reducing unsolicited instant messages.
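The contrast drawn in the answer above, between blocking an IM client's default port and controlling traffic against a user-defined list of IM server hostnames, can be checked against gateway proxy logs. The following is an added example, not part of the original answer or of any product named in it; the log format, the hostnames (placeholders under example.net/example.org) and the port value 5190 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed, user-defined IM server hostname list (placeholder names).
IM_HOSTNAMES = ("login.im.example.net", "im-gateway.example.org")
DEFAULT_IM_PORT = 5190  # assumed "well-publicized" port a basic rule blocks

# Constructed proxy log lines: "<client> <method> <target>".
SAMPLE_LOG = """\
10.0.0.12 CONNECT login.im.example.net:5190
10.0.0.12 GET http://login.im.example.net/session
10.0.0.15 CONNECT IM-Gateway.example.org.:21
10.0.0.20 GET http://www.example.com/index.html
10.0.0.31 CONNECT relay7.im-gateway.example.org:443
"""

def parse_target(method, target):
    """Return (hostname, port) for a CONNECT authority or an absolute URL."""
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        return host.lower().rstrip("."), int(port)
    parts = urlsplit(target)
    default = 443 if parts.scheme == "https" else 80
    return (parts.hostname or "").rstrip("."), parts.port or default

def host_is_im(host):
    """Match a listed hostname exactly or as a parent domain."""
    return any(host == h or host.endswith("." + h) for h in IM_HOSTNAMES)

def evaluate(log_text):
    """Return (client, host, port, port_rule_hit, hostname_rule_hit) per line."""
    rows = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than guessing
        client, method, target = fields
        host, port = parse_target(method, target)
        rows.append((client, host, port, port == DEFAULT_IM_PORT, host_is_im(host)))
    return rows

def missed_by_port_rule(log_text):
    """IM connections the hostname list catches but the port rule lets through."""
    return [(c, h, p) for c, h, p, by_port, by_host in evaluate(log_text)
            if by_host and not by_port]

if __name__ == "__main__":
    for row in missed_by_port_rule(SAMPLE_LOG):
        print("hostname rule only:", row)
```

On the constructed sample, only the first connection uses the default port; the connections on ports 80, 21 and 443 are caught by the hostname list alone.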




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy