The messaging environment continues to evolve at an incredibly alarming rate. When Samuel Morse typed the message, "What hath God wrought!" on 24 May 1844, the world of message delivery changed forever. But never has it changed more than in the past 5-to-10 years with the explosion of email and Instant Messaging (IM). Once limited to desktops, IM is now available via handheld devices and cell phones, allowing users to chat from virtually anywhere, even becoming a staple mode of communication in business environments. With recent developments making IM protocols interoperable, users from one network are now about to communicate with users on another network.
However, IM is accompanied by its own share of security risks. Because IM is generally unprotected and unmonitored, it's vulnerable to attacks and can easily expose all users in an IM contact list to the same attacks via IM sent from that machine, creating the potential for rapid proliferation. In such a scenario, it's likely that any malicious code that propagates through one of the protocols will also propagate through the other, potentially impacting more users with minimal effort.
The most prevalent threats to IM include:
* Worms and Trojan Horses
Similar to threats sent by email, worms and Trojan horses via IM can compromise the integrity of IT systems. Too many IT departments focus on solely on email threats because they are not aware of the number of people using IM in their businesses. This is because individual users can load IM programs directly onto local computers, and IM traffic is often undetectable at the network level. According to the IMlogic Threat Center, "90% of IM-related security attacks included worm propagation; 9% delivered viruses; 1% exploited known client vulnerabilities or exploits." Via an IM program, it's possible for a Trojan horse to configure the client to give access to all files on a computer via peer-to-peer file sharing. Ultimately this opens up the entire computer system to attackers.
* Password Stealing and Impersonation
Hackers can use Trojan horses to gain access to an IM password if it's stored on the computer. Using this method, hackers can have access to the user's screen name and the user's entire list of IM contacts. Impersonation is not only harmful to the victim whose password has been stolen, but to anyone who interacts with the hacker and divulges personal information, or executes any files sent by the hacker under the guise of the user.
* Theft of Log Files
Similar to other forms of information theft, IM log files, which may be stored on a user's computer, are vulnerable to hackers. In many cases, these files may contain sensitive or private data from a past IM conversation the user has long since forgotten about. This information is readily available via IM logs, however, and can be devastating to businesses if exposed, causing tainted reputations, legal problems, and in some cases, loss of the business.
*Denial-of-Service (DoS) Attacks
A DOS attack via IM happens when a hacker sends a flood of messages for the purpose of overloading the resources of a computer or network. By the time the victim tries to add the hacker's screen name to the list of parties that the IM program should ignore, the computer may freeze or crash. Though DoS attacks tend to be more of a hassle and less of a threat than other types of hacks, they can be harmful when hackers combine DoS attacks with other security breaches such as shutting out users from their accounts to hijack systems.
* Privacy Intrusion
Outside parties can capture information to use in malicious ways, and employees may not be aware of the ramifications of their IM conversations. Businesses could be legally or financially at risk if employees send confidential information that's subsequently gathered by outside parties. Many IM programs don't offer encryption, making it easy for a third-party to eavesdrop on IM conversations using different types of programs such as packet sniffers. Businesses can deal with these risks by enforcing an IM policy that restricts the type of information that can be exchanged via IM and setting up a system to encrypt IM conversations.
TO BE CONTINUED ON PAGE 2
How to Protect against IM Threats 2
* SPIM
Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names. To reduce spim, businesses should advise employees against listing screen names on any public directories or websites, and also to configure their IM clients to accept messages only from an approved list of contacts.
While many of these threats have the potential to wreak havoc on any business, there are a few steps businesses can take to mitigate IM threats so they can fully enjoy the benefits of IM:
* Install IM Security Tools
IM security tools span a variety of functions from capturing data sent over IM, to monitoring and tracking unusual IM behavior which may indicate misuse or virus-related security breaches. By installing IM security tools, businesses will have a more comprehensive, centralized solution to help manage IM usage within the company.
* Educate Employees and Create Corporate Policies
Employee education on any exchange service is paramount in securing the IT infrastructure, but especially on IM usage because of the potential for rapid proliferation throughout the network. Businesses should make it a priority to learn about the best safety and security practices and incorporate them into company policies. To protect businesses and employees, businesses should define appropriate uses of IM in the workplace and encourage precautionary measures such as not storing IM passwords on the computer.
*Secure IM Logs
Because IM programs automatically create and store logs of all conversations on a user's computer, hackers can obtain valuable information on a business, including specific statements made during a conversation as well as business secrets discussed via IM. One way to secure IM logs is to store them behind a corporate firewall or even delete the logs. These options are available in the preferences section of the program.
* Use Vulnerability Management Tools for Compliance
Businesses can install and use vulnerability management tools to gain an overview of IM software installed on employee machines. Using these tools, they can monitor whether employees have made any changes to their IM programs that violate business policies, and make sure that desktop firewall and antivirus programs are being used properly.
* Install Desktop Antivirus and Firewall Programs
Since spam sent over IM typically requires users to download and open an attachment. Security at the desktop and firewall level can guard against threats by blocking an attachment or cleaning an infected file. Installing desktop firewalls help protect individual machines from attacks from within an organization or through a LAN. Desktop firewalls are also good for those in a remote office or who handle sensitive data. Businesses should also install desktop antivirus programs to provide a final line of defense against viruses, worms, and Trojan horses.
* Install and Update IM Patches
The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. Businesses can reduce the risk of attacks to their computers via IM by installing and updating IM patches regularly.
There are many advantages to using IM in a business setting. If businesses choose to use this communication tool, they need to understand the security threats to IM and how to protect their business. By educating employees, enforcing policies, installing protective technologies, and, where possible, encrypting IM conversations, organizations can continue to enjoy the benefits of using IM as a business tool while also managing its risks.
Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names. To reduce spim, businesses should advise employees against listing screen names on any public directories or websites, and also to configure their IM clients to accept messages only from an approved list of contacts.
While many of these threats have the potential to wreak havoc on any business, there are a few steps businesses can take to mitigate IM threats so they can fully enjoy the benefits of IM:
* Install IM Security Tools
IM security tools span a variety of functions from capturing data sent over IM, to monitoring and tracking unusual IM behavior which may indicate misuse or virus-related security breaches. By installing IM security tools, businesses will have a more comprehensive, centralized solution to help manage IM usage within the company.
* Educate Employees and Create Corporate Policies
Employee education on any exchange service is paramount in securing the IT infrastructure, but especially on IM usage because of the potential for rapid proliferation throughout the network. Businesses should make it a priority to learn about the best safety and security practices and incorporate them into company policies. To protect businesses and employees, businesses should define appropriate uses of IM in the workplace and encourage precautionary measures such as not storing IM passwords on the computer.
*Secure IM Logs
Because IM programs automatically create and store logs of all conversations on a user's computer, hackers can obtain valuable information on a business, including specific statements made during a conversation as well as business secrets discussed via IM. One way to secure IM logs is to store them behind a corporate firewall or even delete the logs. These options are available in the preferences section of the program.
* Use Vulnerability Management Tools for Compliance
Businesses can install and use vulnerability management tools to gain an overview of IM software installed on employee machines. Using these tools, they can monitor whether employees have made any changes to their IM programs that violate business policies, and make sure that desktop firewall and antivirus programs are being used properly.
* Install Desktop Antivirus and Firewall Programs
Since spam sent over IM typically requires users to download and open an attachment. Security at the desktop and firewall level can guard against threats by blocking an attachment or cleaning an infected file. Installing desktop firewalls help protect individual machines from attacks from within an organization or through a LAN. Desktop firewalls are also good for those in a remote office or who handle sensitive data. Businesses should also install desktop antivirus programs to provide a final line of defense against viruses, worms, and Trojan horses.
* Install and Update IM Patches
The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. Businesses can reduce the risk of attacks to their computers via IM by installing and updating IM patches regularly.
There are many advantages to using IM in a business setting. If businesses choose to use this communication tool, they need to understand the security threats to IM and how to protect their business. By educating employees, enforcing policies, installing protective technologies, and, where possible, encrypting IM conversations, organizations can continue to enjoy the benefits of using IM as a business tool while also managing its risks.
Subscribe to:
Posts (Atom)