You have all your e-mail and Web-filtering software in place, and you carefully monitor message logs for signs of abuse. But little do you know that for months, a disgruntled employee has been instant messaging company secrets to a friend who works for one of your competitors. And he's been using commonly available utilities to disguise sensitive files as MP3s, which he shares openly using peer-to-peer file-sharing services. The explosion of instant messaging and P2P file-sharing applications in the workplace is a new security challenge. Employees can easily download such applications for free, often without IT detection. The threat from such applications amounts to much more than simply lost productivity and wasted time.
Divulging company secrets is only one of the serious threats posed by IM and P2P applications. Both provide new entry points to your network for intrusions, data theft, denial-of-service attacks, viruses, and worms. In fact, security vendor Symantec reported in one of its biannual Internet Security Threat Reports that the number of attacks over IM and P2P systems quadrupled from January to June 2003. Both applications are adept at bypassing firewalls using port-scanning and tunneling techniques. And none of the popular IM clients offers strong authentication or encryption, so they are vulnerable to account hijacking and eavesdropping for valuable or damaging company information divulged by unwitting employees.
Then there are the bandwidth issues. Since each P2P node is acting as both a client and a server, your precious network bandwidth may be devoured not only by your internal P2P and IM users but also by P2P users all over the planet downloading songs from your users' shared directories.
And don't forget the legal issues. The Recording Industry Association of America (RIAA) has repeatedly warned Fortune 1000 companies that they could be liable for employees that break copyright laws by using their networks to download, store, or distribute music or movies illegally. In fact, the RIAA sued one Arizona-based software company in 2002, resulting in a settlement of $1 million. Companies that don't prevent downloading of pornographic material risk hostile-workplace lawsuits and negative publicity.
So what can you do? First, set up a company policy that clearly states when, how, and by whom IM and P2P applications and services may be used. Then you should use available network hardware and software to block or regulate the applications, or (in the case of instant messaging) bring them in-house, where you can manage and secure their use.
One way to block IM manually is to add the server address names or IP addresses of all known IM servers to your firewall block list. This is only a start, however, because it's not easy to keep up with all of them. Some firewall vendors have added protocol detection capabilities to their products, allowing them to identify and block IM and P2P applications or, in some cases, to identify common attacks that use such applications. To get even more granular protection, install personal firewalls on all your PCs, which you can configure to deny communications at the desktop level to specific applications, including IM and P2P.
If you want more fine-grained control, gateway-scanning and -filtering solutions from Akonix Systems, FaceTime Communications, SurfControl, and WebSense sit behind a firewall, where they can monitor the use of IM and P2P apps, block them, archive messages, or, in the case of Akonix L7 Enterprise, enforce specific corporate policies involving message content, file transfers, time-of-day use, and other variables. L7 Enterprise can also keep all internal IM communications behind the firewall.
The best way to reap the benefits of corporate IM while protecting your company may be to invest in an enterprise IM solution. For more information, see our story "Corporate IM".
Finally, an enterprise antivirus package from McAfee, Symantec, or another vendor is essential. You should incorporate antivirus protection on every desktop and make sure you keep up with your antivirus definition updates in addition to OS, IM, and P2P software patches.
Author: Leon Erlanger
Divulging company secrets is only one of the serious threats posed by IM and P2P applications. Both provide new entry points to your network for intrusions, data theft, denial-of-service attacks, viruses, and worms. In fact, security vendor Symantec reported in one of its biannual Internet Security Threat Reports that the number of attacks over IM and P2P systems quadrupled from January to June 2003. Both applications are adept at bypassing firewalls using port-scanning and tunneling techniques. And none of the popular IM clients offers strong authentication or encryption, so they are vulnerable to account hijacking and eavesdropping for valuable or damaging company information divulged by unwitting employees.
Then there are the bandwidth issues. Since each P2P node is acting as both a client and a server, your precious network bandwidth may be devoured not only by your internal P2P and IM users but also by P2P users all over the planet downloading songs from your users' shared directories.
And don't forget the legal issues. The Recording Industry Association of America (RIAA) has repeatedly warned Fortune 1000 companies that they could be liable for employees that break copyright laws by using their networks to download, store, or distribute music or movies illegally. In fact, the RIAA sued one Arizona-based software company in 2002, resulting in a settlement of $1 million. Companies that don't prevent downloading of pornographic material risk hostile-workplace lawsuits and negative publicity.
So what can you do? First, set up a company policy that clearly states when, how, and by whom IM and P2P applications and services may be used. Then you should use available network hardware and software to block or regulate the applications, or (in the case of instant messaging) bring them in-house, where you can manage and secure their use.
One way to block IM manually is to add the server address names or IP addresses of all known IM servers to your firewall block list. This is only a start, however, because it's not easy to keep up with all of them. Some firewall vendors have added protocol detection capabilities to their products, allowing them to identify and block IM and P2P applications or, in some cases, to identify common attacks that use such applications. To get even more granular protection, install personal firewalls on all your PCs, which you can configure to deny communications at the desktop level to specific applications, including IM and P2P.
If you want more fine-grained control, gateway-scanning and -filtering solutions from Akonix Systems, FaceTime Communications, SurfControl, and WebSense sit behind a firewall, where they can monitor the use of IM and P2P apps, block them, archive messages, or, in the case of Akonix L7 Enterprise, enforce specific corporate policies involving message content, file transfers, time-of-day use, and other variables. L7 Enterprise can also keep all internal IM communications behind the firewall.
The best way to reap the benefits of corporate IM while protecting your company may be to invest in an enterprise IM solution. For more information, see our story "Corporate IM".
Finally, an enterprise antivirus package from McAfee, Symantec, or another vendor is essential. You should incorporate antivirus protection on every desktop and make sure you keep up with your antivirus definition updates in addition to OS, IM, and P2P software patches.
Author: Leon Erlanger
Comments