The instant messaging world continues to evolve at an incredibly alarming rate. IM communications most changed more than in the past 10 years with the evolution of e-mail and instant messaging (IM). Once limited to desktops, instant messaging is now available via handheld devices and cell phones, allowing users to chat from virtually anywhere, even becoming a staple mode of communication in business environments.
However, its own share of security risks accompanies IM. Because IM is generally unprotected and unmonitored, it is vulnerable to attacks, and can easily expose all users in an IM contact list to the same attacks via IM sent from that machine, creating the potential for rapid proliferation. In such a scenario, it is likely that any malicious code that propagates through one of the protocols will also propagate through the other.
The most prevalent threats to IM include:
* Worms and Trojan horses
Similar to threats sent by e-mail, worms and Trojan horses via IM can compromise the integrity of IT systems. Too many IT departments focus solely on e-mail threats because they are not aware of the number of people using IM in their businesses. This is because individual users can load IM programs directly onto local computers, and IM traffic is often undetectable at the network level. According to the IMlogic Threat Center, “90% of IM-related security attacks included worm propagation; nine percent delivered viruses; one percent exploited known client vulnerabilities or exploits.” Via an IM program, it is possible for a Trojan horse to configure the client to give access to all files on a computer via peer-to-peer file sharing. Ultimately, this opens up the entire computer system to attackers.
* Password stealing and impersonation
Hackers can use Trojan horses to gain access to an IM password if it is stored on the computer. Using this method, hackers can have access to the user’s screen name and the user’s entire list of IM contacts. Impersonation is not only harmful to the victim whose password has been stolen, but to anyone who interacts with the hacker and divulges personal information or executes any files sent by the hacker under the guise of the user.
* Privacy intrusion
Outside parties can capture information to use in malicious ways, and employees may not be aware of the ramifications of their IM conversations. Businesses could be legally or financially at risk if employees send confidential information that is subsequently gathered by outside parties. Many IM programs do not offer encryption, making it easy for a third party to eavesdrop on IM conversations using different types of programs such as packet sniffers. Businesses can deal with these risks by enforcing an IM policy that restricts the type of information that can be exchanged via IM and setting up a system to encrypt IM conversations.
* SPIM
Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names.
While many of these threats have the potential to wreak havoc on any business, there are a few steps businesses can take to mitigate IM threats:
* Install IM security tools
IM security tools span a variety of functions from capturing data sent over IM, to monitoring and tracking unusual IM behavior, which may indicate misuse or virus-related security breaches. By installing IM security tools, businesses will have a more comprehensive, centralized solution to help manage IM usage within the company.
* Educate employees and create corporate policies
Employee education on any exchange service is paramount in securing the IT infrastructure, especially on IM usage, because of the potential for rapid proliferation throughout the network. Businesses should make it a priority to learn about the best safety and security practices and incorporate them into company policies. To protect businesses and employees, businesses should define appropriate uses of IM in the workplace and encourage precautionary measures such as not storing IM passwords on the computer.
* Secure IM logs
Because IM programs automatically create and store logs of all conversations on a user’s computer, hackers can obtain valuable information on a business, including specific statements made during a conversation as well as business secrets discussed via IM. One way to secure IM logs is to store them behind a corporate firewall or even delete the logs. These options are available in the preferences section of the program.
* Use vulnerability management tools for compliance
Businesses can install and use vulnerability management tools to gain an overview of IM software installed on employee machines. Using these tools, they can monitor whether employees have made any changes to their IM programs that violate business policies, and make sure that desktop firewall and antivirus programs are being used properly.
* Install desktop antivirus and firewall programs
Since spam sent over IM typically requires users to download and open an attachment. Security at the desktop and firewall level can guard against threats by blocking an attachment or cleaning an infected file. Installing desktop firewalls help protect individual machines from attacks from within an organization or through a LAN. Desktop firewalls are also good for those in a remote office or who handle sensitive data. Businesses should also install desktop antivirus programs to provide a final line of defense against viruses, worms, and Trojan horses.
* Install and update IM patches
The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. Businesses can reduce the risk of attacks to their computers via IM by installing and updating IM patches regularly.
There are many advantages to using IM in a business setting. If businesses choose to use this communication tool, they need to understand the IM security threats and how to protect their business against them. By educating employees, enforcing policies, installing protective technologies, and, where possible, encrypting IM conversations, organizations can continue to enjoy the benefits of using IM as a business tool while also managing its risks.
Source: Director Channel and Alliances, Symantec India, Ajay Verma
However, its own share of security risks accompanies IM. Because IM is generally unprotected and unmonitored, it is vulnerable to attacks, and can easily expose all users in an IM contact list to the same attacks via IM sent from that machine, creating the potential for rapid proliferation. In such a scenario, it is likely that any malicious code that propagates through one of the protocols will also propagate through the other.
The most prevalent threats to IM include:
* Worms and Trojan horses
Similar to threats sent by e-mail, worms and Trojan horses via IM can compromise the integrity of IT systems. Too many IT departments focus solely on e-mail threats because they are not aware of the number of people using IM in their businesses. This is because individual users can load IM programs directly onto local computers, and IM traffic is often undetectable at the network level. According to the IMlogic Threat Center, “90% of IM-related security attacks included worm propagation; nine percent delivered viruses; one percent exploited known client vulnerabilities or exploits.” Via an IM program, it is possible for a Trojan horse to configure the client to give access to all files on a computer via peer-to-peer file sharing. Ultimately, this opens up the entire computer system to attackers.
* Password stealing and impersonation
Hackers can use Trojan horses to gain access to an IM password if it is stored on the computer. Using this method, hackers can have access to the user’s screen name and the user’s entire list of IM contacts. Impersonation is not only harmful to the victim whose password has been stolen, but to anyone who interacts with the hacker and divulges personal information or executes any files sent by the hacker under the guise of the user.
* Privacy intrusion
Outside parties can capture information to use in malicious ways, and employees may not be aware of the ramifications of their IM conversations. Businesses could be legally or financially at risk if employees send confidential information that is subsequently gathered by outside parties. Many IM programs do not offer encryption, making it easy for a third party to eavesdrop on IM conversations using different types of programs such as packet sniffers. Businesses can deal with these risks by enforcing an IM policy that restricts the type of information that can be exchanged via IM and setting up a system to encrypt IM conversations.
* SPIM
Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names.
While many of these threats have the potential to wreak havoc on any business, there are a few steps businesses can take to mitigate IM threats:
* Install IM security tools
IM security tools span a variety of functions from capturing data sent over IM, to monitoring and tracking unusual IM behavior, which may indicate misuse or virus-related security breaches. By installing IM security tools, businesses will have a more comprehensive, centralized solution to help manage IM usage within the company.
* Educate employees and create corporate policies
Employee education on any exchange service is paramount in securing the IT infrastructure, especially on IM usage, because of the potential for rapid proliferation throughout the network. Businesses should make it a priority to learn about the best safety and security practices and incorporate them into company policies. To protect businesses and employees, businesses should define appropriate uses of IM in the workplace and encourage precautionary measures such as not storing IM passwords on the computer.
* Secure IM logs
Because IM programs automatically create and store logs of all conversations on a user’s computer, hackers can obtain valuable information on a business, including specific statements made during a conversation as well as business secrets discussed via IM. One way to secure IM logs is to store them behind a corporate firewall or even delete the logs. These options are available in the preferences section of the program.
* Use vulnerability management tools for compliance
Businesses can install and use vulnerability management tools to gain an overview of IM software installed on employee machines. Using these tools, they can monitor whether employees have made any changes to their IM programs that violate business policies, and make sure that desktop firewall and antivirus programs are being used properly.
* Install desktop antivirus and firewall programs
Since spam sent over IM typically requires users to download and open an attachment. Security at the desktop and firewall level can guard against threats by blocking an attachment or cleaning an infected file. Installing desktop firewalls help protect individual machines from attacks from within an organization or through a LAN. Desktop firewalls are also good for those in a remote office or who handle sensitive data. Businesses should also install desktop antivirus programs to provide a final line of defense against viruses, worms, and Trojan horses.
* Install and update IM patches
The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. Businesses can reduce the risk of attacks to their computers via IM by installing and updating IM patches regularly.
There are many advantages to using IM in a business setting. If businesses choose to use this communication tool, they need to understand the IM security threats and how to protect their business against them. By educating employees, enforcing policies, installing protective technologies, and, where possible, encrypting IM conversations, organizations can continue to enjoy the benefits of using IM as a business tool while also managing its risks.
Source: Director Channel and Alliances, Symantec India, Ajay Verma
Comments