8 Ways IM Affects Your IT Infrastructure
To ease connection difficulties, many popular IM clients are adept at navigating traffic through well-secured network environments by using unauthorized ports in corporate firewalls. This access creates additional entry points into the network for viruses and rogue protocols, bypassing corporate authentication systems and controls.
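One way to see which internal hosts run consumer IM clients is to audit firewall egress logs, as in this added example (not part of the original article). The log format, the port list and the placeholder watchlist domains are assumptions of the example; it flags both traffic on default IM ports and clients that fell back to a permitted web port after being blocked.

```python
import re
from collections import defaultdict

# Default client-to-server ports of common IM protocols (an assumption of this
# example; the article names no ports). Extend for your environment.
IM_PORTS = {5190: "AIM/ICQ", 1863: "MSN", 5050: "Yahoo", 5222: "XMPP", 6667: "IRC"}
# Constructed placeholder domains standing in for a real IM-server watchlist.
IM_DOMAINS = ("im.example.net", "chat.example.org")
WEB_PORTS = {80, 443}

# Hypothetical one-line-per-connection firewall log format.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> (?P<dst>[\w.-]+):(?P<dport>\d+)$"
)

def audit(lines):
    """Return {internal_host: sorted list of findings} for IM-looking egress."""
    findings = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines in a format we do not understand
        dport, dst = int(m["dport"]), m["dst"].lower()
        on_watchlist = any(dst == d or dst.endswith("." + d) for d in IM_DOMAINS)
        if dport in IM_PORTS:
            kind = "blocked" if m["action"] == "DENY" else "allowed"
            findings[m["src"]].add(f"{IM_PORTS[dport]} port {dport} {kind}")
        elif on_watchlist and dport in WEB_PORTS and m["action"] == "ALLOW":
            # The firewall permits web traffic, so the client got out anyway.
            findings[m["src"]].add(f"IM server {dst} reached via web port {dport}")
    return {host: sorted(f) for host, f in findings.items()}

# Constructed sample log lines (documentation addresses and example domains).
SAMPLE_LOG = """\
2005-03-01T09:14:02 DENY TCP 10.1.4.23:51344 -> login.im.example.net:5190
2005-03-01T09:14:03 ALLOW TCP 10.1.4.23:51345 -> login.im.example.net:80
2005-03-01T09:15:10 ALLOW TCP 10.1.4.40:40112 -> www.example.com:443
2005-03-01T09:16:45 ALLOW TCP 10.1.7.8:49200 -> 198.51.100.7:1863
""".splitlines()

if __name__ == "__main__":
    for host, items in sorted(audit(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(items))
```

A host that shows a blocked IM port followed by an allowed connection to the same server on port 80 is the fallback behaviour described above, and it would be missed by a port-only rule.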
With Internet-accessible "listening" services such as IM running from inside an organization, these applications are increasingly being targeted by hackers and spammers. The recent spate of vulnerabilities in IM clients from all the significant vendors leaves the integrity and confidentiality of corporate information at risk, potentially allowing any data a trusted employee can access to become accessible to a hacker who abuses flaws in the IM client application.
Without proper management of an IM environment, uncontrolled installation of consumer-grade messaging clients may make an organization vulnerable to the following security issues:
- Client Vulnerabilities - Just like many other software applications, IM clients have a history of common security vulnerabilities. Exploitation of these vulnerabilities may take the form of denials of service (e.g. maximum network bandwidth utilization and workstation crashes), "bother-ware" notifications and nuisances threatening productivity, access to unauthorized host data, or complete host compromise and subsequent loss of data integrity.
- Insecure Network Traffic - Typically, the corporate networking environment is protected by a perimeter defense system (e.g. firewalls, IDS/IPS, content filtering, anti-virus, etc.) that is supposed to block all malicious network activity initiated outside the network. IM clients effectively perforate the firewall and provide an alternate conduit for viruses, spam and other unauthorized files.
- Open Connections - When engaging in file transfers, voice chat, or other file sharing activities, the IM client reveals the user's true IP address. With this information a malicious user may concentrate on the host system for the purpose of hacking into it or as a target for a denial of service attack.
- Identity Theft - IM clients commonly use little or no encryption for the transmission of login credentials. Guides exist on the Internet providing best advice on how to intercept and capture this information. Stolen credentials can thus be easily used to impersonate someone else.
- Data Theft - The ability to tunnel through perimeter defenses makes for an efficient method of transferring confidential materials out of an organization. Internal users may use IM clients to transfer binary data such as customer databases and development source code to external contacts without alerting internal security or audit teams. With some IM clients, this may be achieved inadvertently through poor configuration of file sharing services.
- Loss of Privacy - The common failure to implement any form of encryption of the data means that all messages must travel in the clear, so an observer can easily intercept and read this information. Where non-peer-to-peer connections are made, all messages must travel to a central server, where they may be logged and stored, before being forwarded to the recipient (note that users within the same office may be unaware that their traffic is being routed over the Internet). Similarly, the message recipient may also log and store this information for later use.
- Absent Authentication - As each user may choose their own identity, there is no guarantee that the message recipient is genuinely who they claim to be. An employee may think that they are messaging a work colleague, while in actuality they are communicating with a competitor. In addition, because these online identities are not created or managed by the organization's IT department, tracking messages to an actual person within the organization may prove to be very difficult.
- Social Engineering - The informal nature of the communication medium lends itself to common social engineering techniques and trust relationships. Users may be tricked into disclosing confidential business information, compromising the security of their own system, and sending or receiving unauthorized content (e.g. pornography, internal documents, etc.).
The consequences of these security threats may also be more subtle. Within heavily regulated industries such as financial services and health care, IM carries a high potential for liability. Many industries are required by law to regulate and safeguard the flow of confidential information. In the USA for instance, to comply with SEC, HIPAA and NASD requirements, organizations are required to record all customer interactions for possible future review.
Without centralized management of IM services, organizations cannot guarantee that all communications are recorded in an appropriate manner. Undocumented communications regarding personal data may occur without the organization's knowledge, leading to a breach of access requirements and possibly invoking heavy fines or legal action.
Excerpted from Windowsecurity.com/Instant Messenger Security: Securing Against the Threat of Instant Messenger by Gunter Ollmann. Copyright 2001-2005 Gunter Ollmann