Page 299 - StudyBook.pdf
P. 299

Communication Security: Web Based Services • Chapter 5  283



                 EXAM WARNING
                      Make sure you fully understand the implications of using IM technology
                      on your network. Many exploits, attacks, and hoaxes can be performed
                      using Instant Messaging.




                    For companies that want to allow IM for business purposes but prevent abuse,
                 there are software products available, such as Akonix’s security gateway for public
                 instant messaging, Zantaz’s Digital Safe, and IMlogic’s IM Manager, that allow com-
                 panies to better control IM traffic and log and archive IM communications. Such
                 products (combined with anti-virus software and security solutions already on a
                 server running the IM service, and the client computer running the IM client soft-
                 ware), add to the security of Instant Messaging.

                 Packet Sniffers and Instant Messaging

                 Packet sniffers are tools that can capture packets of data off of a network, allowing
                 you to view its contents.As we saw in chapter 2, and will discuss further in this
                 chapter (when we discuss packet sniffers used with FTP), a considerable amount of
                 data can be obtained by viewing the contents of captured packets, inclusive to user-
                 names and passwords. By using a packet sniffer to monitor IM on a network, you
                 can view what people are chatting about and other sensitive information.
                    The reason packet sniffers can view IM information so easily is because the
                 messages are passed between IM users as cleartext. Cleartext messages are trans-
                 mitted without any encryption, meaning the messages being carried across a net-
                 work can be easily viewed by anyone with the proper tools. Being sent as cleartext
                 makes them as easy to view in a packet sniffer as a text message would be on your
                 computer.
                    In addition to packet sniffers, there are also a number of tools specifically
                 designed to capture IMs. For example, a program called MSN Sniffer 2 is available
                 at EffeTech’s Web site (www.effetech.com).This tool will capture any MSN chats
                 on a local network and store them so they can be analyzed at a later time. If there
                 is concern that information is being leaked, or policies are being broken through
                 IM software on the network, you could use this tool to view the chats and use
                 them as evidence for disciplinary actions or to provide to police when pressing
                 criminal charges.






                                                                              www.syngress.com
   294   295   296   297   298   299   300   301   302   303   304