
The Risks Associated with Instant Messaging


edalene

Presentation Transcript


  1. The Risks Associated with Instant Messaging

  2. Client Vulnerabilities • Risk • Allow people with malicious intent to attack your client machines • Mitigation • Implement a solution that enables the versions of Instant Messaging clients to be controlled and limited to known good versions • Restrict the use of client features

  3. File Transfer Spreading Viruses • Risk • Instant Messaging will be used to transfer files that contain traditional viruses that will infect client machines • Mitigation • Implement server based Anti Virus scanning for all files that are transferred • Be proactive, use a policy to control who can transfer files and the types of files they can transfer

  4. IM Worms • Risk • Your organisation's machines will become rapidly infected by malware and you will lose control of those assets • Mitigation • Block all known IM Worms using signatures • Use behaviour analysis to detect new threats as they emerge and block them across the whole community • Break the social engineering cycle used in these infections.

  5. IM Worms - Example: Kelvir Worm
     • Type: Instant Messaging Worm
     • Propagation: MSN Messenger
     • Detection: December 2004
     • Peak: March, September 2005
     • Mutations: Over 160
     • Reach: High - Effective use of social engineering
     Exploitation Of Host
     • Deploys variant of backdoor SpyBot Trojan
     • Allows hacker to disable security software
     • Allows hacker to take over infected machine
     A Trojan virus is a small program that runs hidden on an infected computer. The Trojan gives hackers access to get stored passwords from your computer, read your personal documents, delete files and break your computer, display pictures, and/or show messages on your screen.
     Networks Impacted
     • Kelvir-Re mutation shut-down Reuters Messaging network

  6. IM Worms
     • These Threats are Growing Exponentially: Over 2220 in 2005 – most IM threats fly under the radar screen of traditional security companies
     • IM Worms Mutate Frequently: IM viruses and worms are increasing in complexity and mutate frequently – most AV security is “reactive”, not “proactive” in response
     • IM Worms Spread Rapidly: Many IM worms can compromise networks in less than 20 minutes – zero day attacks make AV or desktop defense irrelevant
     • IM Worms Utilize Social Engineering: IM worms attack known IDs and buddy lists, and use social engineering to infect even technology savvy end users

  7. IM Worms - Real World Experience “When the Velkbot worm hit we were completely defenseless. Over 1000 machines were infected in just under 20 minutes. Our AV vendor didn’t know about this worm and didn’t have an update for us. We had to shut down IM until we knew how to protect ourselves”… --Fortune 100 IT Executive (45,000 Seat LCS Deployment)

  8. IM Worms – Mitigation • Predictive Threat Detection • Predictive, heuristic-based threat protection for unknown, emerging threats • Network, content & behavior-based anomaly detection • Adaptive protection for pattern-less matching, including integrated white listing • Automatic threat remediation & quarantines without centralized intervention • Community based protection • Social Engineering Protection • Replace suspicious URLs with safe redirect page for end users • Educate users and allow navigation to final destination URL as appropriate • Rate site via reputation filter

  9. Information Leakage • Risk • Typically an organisation has 70%+ of its IPR contained in its messaging systems. Instant Messaging provides another vector by which this can leak outside or within an organisation. • Mitigation • Implement policies to control external file transfers. • Apply content filtering to detect IPR in messages • Use disclaimers to “inform” users

  10. Electronic Bullying • Risk • Your employees may utilise Instant Messaging to bully or harass other employees, business partners or customers exposing you to the legal and organisational consequences. • Mitigation • Implement content filtering on messages for profanities and keywords associated with electronic bullying • Log all conversations and give HR the ability to audit • Use disclaimers to indicate that this is a managed protocol

  11. Regulatory Compliance • Risk • Your employees may utilise Instant Messaging to break the law or your internal compliance and governance standards. • Mitigation • Log all conversations and give the appropriate authorities the ability to audit conversations • Use disclaimers to indicate that this is a managed protocol

  12. Time Wasting and Social Use • Risk • People use Instant Messaging as a distraction and are therefore less productive • Mitigation • Implement an Enterprise Instant Messaging solution with rich enterprise functionality and position it as an enterprise tool • Deploy disclaimers to enforce this

  13. Symantec IM Manager 8.0

  14. IMlogic: a Brief History • Founded in early 2001 by Francis de Souza • Early customers include Merrill Lynch and Bear Stearns • IMlogic licensed archiving technology to Microsoft RTC Group in 2002 • In 2003 support is added for LCS 2003 in addition to Public IM and IBM Sametime • 2004 IM Manager is recognised as the leading management, archiving and security solution for public and enterprise instant messaging • September 2005 RTTPS is launched to tackle the rapid rise in IM threats • At the end of 2005 IMlogic had over 800 Enterprise customers in diverse market sectors • Acquired by Symantec 10th Feb 2006 • Symantec IM Manager Version 8.0 released Q2 2006 • IM Manager becomes part of the Enterprise Messaging Management product group led by Francis de Souza

  15. What is Symantec IM Manager 8.0? • Windows server software solution providing • Security and Hygiene • Management • Logging and Archiving for Public, Enterprise and hosted IM solutions • The market leading product with over 1000 installed enterprise customers

  16. IM Manager Key Features Security & Hygiene • Real Time Threat Protection System provides protection from known, emerging and “zero day” threats • Flexible group based filter rules driven from existing AD infrastructure enforce hygiene and usage policies proactively reducing security risks • Policy based control for IM, File Transfer, Voice, Video, Data and other client capabilities • Out of the box with Antigen and Symantec scan engines to protect file transfers • Client version controls enable use of only known clients

  17. Real World Experience with an IM Worm “When the Velkbot worm hit we were completely defenseless. Over 1000 machines were infected in just under 20 minutes. Our AV vendor didn’t know about this worm and didn’t have an update for us. We had to shut down IM until we knew how to protect ourselves”… --Fortune 100 IT Executive (45,000 Seat LCS Deployment)

  18. Real Time Threat Protection System • Predictive Threat Detection • Predictive, heuristic-based threat protection for unknown, emerging threats • Network, content & behavior-based anomaly detection • Adaptive protection for pattern-less matching, including integrated white listing • Automatic threat remediation & quarantines without centralized intervention • Social Engineering Protection • Replace suspicious URLs with safe redirect page for end users • Educate users and allow navigation to final destination URL as appropriate • Rate site via reputation filter

  19. IM Manager is used to filter all current threats
     • Known Threats
       • Downloaded by the Auto Update Process from the Threat Centre
     • New Threats
       • Locally Detected – Instantly
       • Community Detected – Within one minute of detection
     • False Positives can be revoked by the Threat Centre
     • RTTPS Software component analyses all Public IM and LCS IM messages.
       • Detects messages containing URLs
       • Standardises the URL
       • Scores the URL
       • Scores the surrounding text
       • Generates dynamic filter if required
       • Synchronises with the Threat Centre
     RTTPS provides an optional social engineering protection feature where URLs can be dynamically re-written so that internal or external users can be re-directed to a page that tells them about the threat and provides reputation information about the URL.
     [Diagram: RTTPS – How it works. Stages: ANALYSE, FILTER, REWRITE. Threat Centre exchanges New Threats, Known Threats and Report Threats with the server.]
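The analyse, filter and rewrite steps listed on slide 19, sketched as an added example (not Symantec or IMlogic code). The scoring rules, lure phrases, threshold and warning-page address are all assumptions, and a local set stands in for the filters that would be synchronised with a threat centre.

```python
import re
from urllib.parse import urlsplit, urlunsplit, quote

# All constants below are assumptions made for this example.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+[^\s<>\"'.,)!?]", re.I)
RISKY_EXT = (".exe", ".scr", ".pif", ".bat")
LURE_WORDS = ("lol", "is this you", "check this", "my pics")
WARN_PAGE = "https://im-gateway.example/warn?u="  # hypothetical redirect page
THRESHOLD = 3

def standardise(url):
    """Canonical filter key: lower-case scheme and host, no userinfo, port or fragment."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url
    p = urlsplit(url)
    host = (p.hostname or "").rstrip(".")
    return urlunsplit((p.scheme.lower(), host, p.path or "/", p.query, ""))

def score_url(key):
    p = urlsplit(key)
    score = 0
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", p.hostname or ""):
        score += 2  # raw IP address instead of a host name
    if p.path.lower().endswith(RISKY_EXT):
        score += 2  # link points straight at an executable
    return score

def score_text(text):
    lowered = text.lower()
    return sum(1 for word in LURE_WORDS if word in lowered)

def process(message, dynamic_filters):
    """Analyse, filter and rewrite one message; returns (new_message, verdicts)."""
    verdicts = []

    def handle(match):
        raw = match.group(0)
        key = standardise(raw)
        score = score_url(key) + score_text(message.replace(raw, " "))
        blocked = key in dynamic_filters or score >= THRESHOLD
        if blocked:
            dynamic_filters.add(key)  # dynamic filter for later sightings
        verdicts.append((key, score, blocked))
        return WARN_PAGE + quote(key, safe="") if blocked else raw

    return URL_RE.sub(handle, message), verdicts

# Constructed sample traffic: the second message carries no lure text but is
# still caught, because the first sighting generated a filter for its key.
filters = set()
first, _ = process("lol is this you?? http://files.example.net/photo.scr", filters)
second, _ = process("HTTP://FILES.example.net/photo.scr", filters)
```

Standardising before lookup is what lets a filter generated from one sighting match a re-cased copy of the same link.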

  20. IM Manager Key Features Centralized Management • Enforcement of consistent rules across all forms of Instant Messaging • Active Directory driven rules minimize the support overhead • Control access to groups of external users • Comprehensive reporting infrastructure with canned and custom reports allows usage and adoption to be measured • Threshold based alerting system lets you see where the issues are

  21. IM Manager Key Features Archiving and Regulatory Compliance • Comprehensive set of reporting tools designed to satisfy international compliance requirements • Multi party conversation reconstruction & extensive search capabilities • Out of the box integration with Enterprise Vault and other archiving products

  22. IM Manager Components and Architecture

  23. Questions?
