282    Chapter 5 • Communication Security: Web Based Services

             communicate with other members of your staff when used at work, or with friends
             and family when used at home. Generally, each of these IM clients tie into a ser-
             vice that transfers messages between other users with the same client software.
             However, there are programs like Trillian that allow users to consolidate their
             accounts on different IM networks and connect to AIM,Yahoo Messenger,
             Windows Live Messenger, I Seek You (ICQ), and Internet Relay Chat (IRC) all
             within a single interface. In recent years, such features have also been folded into
             other IM software, such as Windows Live Messenger supporting messages
             exchanged with Yahoo! Messenger clients. Despite the popularity of IM clients,
             many businesses prohibit the use of IM programs on network computers. One
             reason is practical: incessant “chatting” can become a bigger time waster than gos-
             siping at the water fountain (and one that is less obvious for management to
             detect). But an even more important reason is that IM technologies pose significant
             security risks. Each of the messenger programs has been exploited and most of
             them require a patch.The hacker community has discovered exploits, which range
             from Denial of Service (DoS) attacks all the way to executing remote commands
             on a system. For the Security+ exam, the following security issues that are related
             to using IM technology must be acknowledged:

                  ■   IM technology is constantly exploited via buffer overflow attacks. Since
                      the technology was made for ease of use and convenience, not for secure
                      communications, there are many ways to exploit IM technology.
                  ■   IP address exposure is prominent and, because an attacker can get this
                      information from IM technology, provides a way that an attacker can iso-
                      late a user’s home machine, crack into it, and then exploit it.
                  ■   IM technology includes a file transfer capability, with some providing the
                      ability to share folders (containing groups of files) with other users. In
                      addition to the potential security issues of users making files available,
                      there is the possibility that massive exploits can occur in that arena if the
                      firewall technology is not configured to block it.All kinds of worms and
                      viruses can be downloaded (circumventing the firewall), which could
                      cause huge problems on an internal network.
                  ■   Companies’ Human Resources (HR) policies need to be addressed
                      because there is no way to really track IM communication out of the box.
                      Thus, if an employee is communicating in an improper way, it might be
                      more difficult to prove as compared with improper use of e-mail or Web
                      sites visited.



          www.syngress.com