Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging."— Presentation transcript:

1 Securing Instant Messaging Matt Hsu

2 Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging in Your Corporation Conclusion

3 Introduction

4 Instant Messaging Primer Instant Messaging is not a new technology The first system, IRC, was developed in 1988 by Jarkko Oikarinen Providing Services: p2p real-time chatting and file transfer capabilities Current IM systems: ICQ, AOL IM, MSN Messenger, Yahoo Messenger IRC stands for Internet Relay Chat

5 Communication Mode Client-Server instant messagingP2P instant messaging

6 Encryption, File Transfers, Scripting, Others Most IM systems do not encrypt p2p traffic Those systems do not encrypt files transferred either A handful of IM platforms offer scripting capabilities Additional functionality: mini-Web provided by ICQ

7 Instant Messaging Vulnerabilities and Exploits (1) Eavesdropping Using a packet sniffer Account Hijacking A number of Web sites provide DIY for launching such a attack Password protection is very limited Data Access and Modification Buffer overflow In May 2002, w00w00 identified a vulnerability: an attacker to gain full access to targeted systems

8 Instant Messaging Vulnerabilities and Exploits (2) Worms and Blended Threats IM software maintains a list of buddies By two ways: 1)leveraging IM scripting 2) exploiting a buffer overflow Scripting Instant Messaging Threats Instant Messaging Threats that Exploit Vulnerabilities Denial-of-Service Instant messaging server vulnerabilities

9 Securing Instant Messaging in Your Corporation IM vs. Firewalls Out-of-the-box firewall configurations are not sufficient enough to block access Tunneling tech: It make a client to slip past the corporate firewall IM File Transfers vs. Firewalls The best way to block file transfers is to block the port numbers used by IM products

10 Instant Messaging Best Practices Establish a corporate instant messaging usage policy Properly configure corporate perimeter firewalls Deploy desktop antivirus software Employ personal firewalls to ensure policy compliance Deploy corporate instant messaging servers Recommended instant messaging client settings Install all IM patches a.s.a.p Use vulnerability management solutions to ensure policy compliance

11 Conclusion Current IM systems are inadequately secured Need a layer suitable security systems Consider the growing number of wireless phones already supporting IM services Great Sentence: “Only by appropriately securing these systems will businesses be able to reap their full economic benefits”

Download ppt "Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging."

Similar presentations

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
MASK. Agenda Introduction –IRC prelude –What is IRC? –How does IRC work? Architecture –Client/Server –IRC commands –3 major types of communication on.

MASK. Agenda Introduction –IRC prelude –What is IRC? –How does IRC work? Architecture –Client/Server –IRC commands –3 major types of communication on.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Barracuda Web Application Firewall

Barracuda Web Application Firewall
1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 12 Network Security.

Chapter 12 Network Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University,

Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University,

Similar presentations

Ads by Google