Presentation is loading. Please wait.

Presentation is loading. Please wait.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Published byLeila Ingmire Modified over 10 years ago

Similar presentations

Presentation on theme: "Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS."— Presentation transcript:

1 Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS

2 Outline Instant Messaging Problems with IM in corporate environments General threats to IM Implementing security policies in IM Design details and problems Summary References

3 Instant Messaging Instant Messaging (IM) is the online chat medium that allows people to connect and collaborate in real-time. Based on IP protocols 10 million enterprise users in 2002 Expected to explode up to 180 million users by 2007

4 Problems with Free IM in corporate environments Privacy concerns Security Concerns No central administration No integration with corporate IT Security and firewall problems Dependence on external infrastructure providers

5 General threats to IM Worms Bypasses most anti-virus scanners Can resend itself to all on the buddy list Backdoor Trojan Horses Utilize IM app to send information about user Can modify configuration settings to make whole HDD available for file sharing

6 General threats to IM Contd Hijacking and Impersonation Account information can be stolen and misused Man-in-the-middle attacks Denial of Service Flood attacks

7 Implementing security policies in IM Why? Most enterprise IMs provide only primitive control A more fine-grained approach required Common breaches of security Transfer of confidential files to unauthorized users Unauthorized attendees in confidential conferences Messages containing confidential information

8 Required features in corporate IMs Secure log-in Chatting Internal, application based External, web based Conferencing File sharing

9 Basic IM Service architecture Central Messaging Server Internal Network No external IP Protected against internal DOS attacks Client(s) Authentication Access Control Certificate handling Authentication Encryption DMZ Web Server Web based IM

10 Security Clearance hierarchy Mgmt Level 1 Mgmt Level 2. Regular Employee. Customer Support. External

11 Log-in Essential because it determines security clearance Password-locked certificates Problems Weak passwords Vulnerable to software cracking and social engineering Biometric keys Integration of IM login with terminal login

12 Chatting Rules External chat only with employees with Ls >= l k, a predetermined level If Ls(S1) >= Ls(S2), S1 can chat unchecked with S2, but messages from S2 to S1 are monitored All chat messages are encrypted using mutually negotiated session keys, except for ones with externals.

13 Chatting contd. Chat monitoring and logging All chat activity is monitored and logged to log files that are accessible only to any non-sysadmin users Suspect word list to raise alerts Problems Words split up, capitalized Sentences in unrecognized languages spelt in a recognized language IM activity at unusual times could raise alerts

14 Conferences Collaborative chatting with ability to record conversation by attendees as minutes Rules Each conference has security level assigned to level l If Ls(Employee) <= l, employee can read/write Custom invitations to conferences also possible Downgrading of conference level after starting possible, but is logged and all messages generated by users with higher security clearances will be hidden to less secure users

15 File Sharing All files that are shared are assumed to be at the senders security level Levels can be changed by the system administrator If Lo >= Ls, the file can be transferred All manuals and public documents are tagged in a central repository by the sys-admin with Lo >= Ls(External) so that customer service can transfer documents or parts of it to clients

16 Summary Conflict between restrictions imposed by security policies and ease of use built into IM services No security policy is a match for human ingenuity. Further research is required and perhaps a new model for enterprise IM services Unified messaging, currently getting popular, requires a extremely vast and diverse security policy.

17 References http://www.symantec.com/avcenter/reference/secure.instant.messaging.pdf http://www.symantec.com/avcenter/reference/threats.to.instant.messaging.pdf http://www.go4teams.com/papers/enterprise_im.pdf http://www.jabber.com/download.php?dl=Extensible_IM_Essentials.pdf http://www.informationweek.com/story/IWK20030226S0009 Computer Security – Art and Science by Matt Bishop

Download ppt "Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS."

Similar presentations

2011 NetIS Presentation The Complete ePublishing Platform Designed for the 21 st Century.

2011 NetIS Presentation The Complete ePublishing Platform Designed for the 21 st Century.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)

2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)
Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.

Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security Fundamentals

Computer Security Fundamentals
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
A Product of Corporate Instant Messenger www.c-cubemessenger.com Enterprise Communication and Collaboration with Secure Instant Messaging Copyright © ANGLER.

A Product of Corporate Instant Messenger Enterprise Communication and Collaboration with Secure Instant Messaging Copyright © ANGLER.

Similar presentations

Ads by Google