Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.

Slides:

Advertisements

Similar presentations

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Advertisements

MASK. Agenda Introduction –IRC prelude –What is IRC? –How does IRC work? Architecture –Client/Server –IRC commands –3 major types of communication on.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Barracuda Web Application Firewall

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.

Security+ Guide to Network Security Fundamentals

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Chapter 12 Network Security.

Chapter 7 HARDENING SERVERS.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

1 Integrating ISA Server and Exchange Server. 2 How works.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University,

Analysis of Instant Messenger Programs Celia Hung and Nathan Miller ECE 478/578 Department of Electrical Engineering Oregon State University.

Instant Messaging Security Flaws By: Shadow404 Southern Poly University.

Website Hardening HUIT IT Security | Sep

Presence Applications in the Real World Patrick Ferriter VP of Product Marketing.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Security Risks of Instant Messaging in the Workplace Imtiaz Paniwala Instructor: Dr. Yang Date: March 24, 2004.

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

A Holistic Approach to Malware Defense Bruce Cowper Senior Program Manager; Security Initiative Microsoft Canada.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Chapter 13 – Network Security

Web Security Chapter 6. Learning Objectives Understand SSL/TLS protocols and their implementation on the Internet Understand HTTPS protocol as it relates.

Instant Messaging for the Workplace A pure collaborative communication tool that does not distract users from their normal activities.

Instant Messaging Alan Parker Robert Callow Brian Kearney Fortunato Macari Daniel Harrington Chang Gong Wang.

Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.

Vulnerabilities in peer to peer communications Web Security Sravan Kunnuri.

Software Security Testing Vinay Srinivasan cell:

Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.

Introduction to Barracuda IM Firewall. Two Security Products in One Public IM Management –Manages traffic from public IM clients, including AIM, Yahoo!

1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

Before: Servers Behind Firewalls Today: Servers Migrate Out Business drivers: E-Business Supply chain management CRM.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.

Client-based Application Attacks Adli Abdul Wahid Dept. of Comp. Science, IIUM

Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Living in a Network Centric World Network Fundamentals – Chapter 1.

1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.

Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Living in a Network Centric World Network Fundamentals – Chapter 1.

Module 11: Designing Security for Network Perimeters.

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

External Messaging Services. Page 2 External Messaging: Extends the power of Presence and Instant Messaging outside corporate Network Provided only to.

Instant Messaging. Magnitude of the Problem Radicati reports that 85% of enterprises today use IM. Furthermore, Radicati predicts IM usage increases will.

Version 4.0 Living in a Network Centric World Network Fundamentals – Chapter 1.

1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Introduction to Barracuda IM Firewall

Web Application Protection Against Hackers and Vulnerabilities

Working at a Small-to-Medium Business or ISP – Chapter 8

Securing the Network Perimeter with ISA 2004

Protect Your Critical Business Applications With Website Security Testing.

Website Security Testing: Why Business Need It Very Badly.

Firewalls Jiang Long Spring 2002.

Presentation transcript:

Securing Instant Messaging Matt Hsu

Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging in Your Corporation Conclusion

Introduction

Instant Messaging Primer Instant Messaging is not a new technology The first system, IRC, was developed in 1988 by Jarkko Oikarinen Providing Services: p2p real-time chatting and file transfer capabilities Current IM systems: ICQ, AOL IM, MSN Messenger, Yahoo Messenger IRC stands for Internet Relay Chat

Communication Mode Client-Server instant messagingP2P instant messaging

Encryption, File Transfers, Scripting, Others Most IM systems do not encrypt p2p traffic Those systems do not encrypt files transferred either A handful of IM platforms offer scripting capabilities Additional functionality: mini-Web provided by ICQ

Instant Messaging Vulnerabilities and Exploits (1) Eavesdropping Using a packet sniffer Account Hijacking A number of Web sites provide DIY for launching such a attack Password protection is very limited Data Access and Modification Buffer overflow In May 2002, w00w00 identified a vulnerability: an attacker to gain full access to targeted systems

Instant Messaging Vulnerabilities and Exploits (2) Worms and Blended Threats IM software maintains a list of buddies By two ways: 1)leveraging IM scripting 2) exploiting a buffer overflow Scripting Instant Messaging Threats Instant Messaging Threats that Exploit Vulnerabilities Denial-of-Service Instant messaging server vulnerabilities

Securing Instant Messaging in Your Corporation IM vs. Firewalls Out-of-the-box firewall configurations are not sufficient enough to block access Tunneling tech: It make a client to slip past the corporate firewall IM File Transfers vs. Firewalls The best way to block file transfers is to block the port numbers used by IM products

Instant Messaging Best Practices Establish a corporate instant messaging usage policy Properly configure corporate perimeter firewalls Deploy desktop antivirus software Employ personal firewalls to ensure policy compliance Deploy corporate instant messaging servers Recommended instant messaging client settings Install all IM patches a.s.a.p Use vulnerability management solutions to ensure policy compliance

Conclusion Current IM systems are inadequately secured Need a layer suitable security systems Consider the growing number of wireless phones already supporting IM services Great Sentence: “Only by appropriately securing these systems will businesses be able to reap their full economic benefits”