In my own words...

By Justin Fielding
Tags: Off Topic

387 total posts (Page 1 of 39)


Managing IM compliance challenges

by Justin Fielding In reply to In my own words...

Instant messaging (IM) increases productivity with the advantages of instant feedback and reduced communication costs. However, the problems IM creates in a business environment are those of liability and responsible use. This is particularly true in the Financial Services sector and other regulated environments. The Financial Services Authority and similar regulatory bodies are of the opinion that IM is no different from e-mail; therefore the same requirements for record keeping exist. I think many users of IM (including myself) see the conversations as ephemeral, vanishing into the ether of time and space. Not so. All IM clients have logging facilities, and there are also packages available for network administrators which enable logging of all conversations passing through the network. If any type of dispute arises involving information given via an IM conversation, your organization needs to know exactly what has been said. The same can apply internally if disputes arise within the company due to improper use. Another issue which must be addressed is that of increased vulnerability to security threats. Virus writers and scammers are turning their attention to users of IM; new Trojans, worms, and phishing attacks are discovered daily.


For a business--and more specifically its IT department--the control of IM poses a problem. Firstly, do you have a policy on the use of IM? If so, how do you enforce this policy, and how do you ensure that you are fulfilling the regulatory obligations imposed? If you do not have the processes in place to log and archive records in a tamper-proof and accessible format, messaging should be stopped. But how?


Two methods which I come across frequently are port and IP blocking.


Port blocking: This is very simple; find out what ports are used by the IM clients and then block them on your firewall. The problem with this is that the clients try to use many different ranges of ports, and these tend to increase with every new release. "Well," you say, "my firewall blocks all outgoing connections unless I specifically ask it to pass them." That's good, but do you allow port 80 (HTTP)? Most of today's IM clients can now work perfectly well through port 80, and if you allow your users to surf the net then they can probably IM too. I recently read that the latest clients embed traffic data within an HTTP request, meaning that even with advanced protocol analysis, they will be very difficult to stop! Smells like guerrilla tactics...


IP blocking: Again, very simple in theory, but with its own problems. Using netstat along with googled resources, you can find the IP addresses which an IM client will connect to. Block all outgoing connections to this IP (or subnet) and eventually, once all servers have been found, the IM client will be unable to go online. This looks like a better method than blocking individual port ranges as it still leaves HTTP open for web access. This method still has limitations; in the amount of time it takes for the software company in question to make a DNS or client update, a new server is added which needs to be blocked. Because this can be hard to keep on top of, I keep the major IM clients running on my desktop. In the rare event that one actually manages to go online, a simple netstat can track down the new server, which can be added to the block list. One of the major IM providers has started to have their client program connect to IPs which also host their web services. This means that if you block their IM client, you also lose access to these services. Not much of a loss, until you realize that you can't run Windows Update! Looks like we're heading for an all-out guerrilla war!


Let's consider that we have blocked IM (don't forget to hunt down and block services like <a href="http://www.e-messenger.net/">http://www.e-messenger.net</a>--if you don't, then your 'users' will use them).


The powers that be have decided that they now want to allow one of the messenger services. Reversing the measures taken to stop that particular IM service won't be difficult, but you have to find a way to log and archive communications. There are many companies offering software to log IM traffic; examples would be <a href="http://www.imlogic.com/solutions/compliance.asp">IMlogic</a> and <a href="http://www.akonix.com/solutions/compliance.asp">Akonix</a>. One of the previously mentioned products runs on a Windows platform, the other is a plug-and-play appliance. If you run on Unix/Linux/BSD then take a look into the <a href="http://naughty.monkey.org/%7Edugsong/dsniff">dsniff set of tools</a>. This set of tools can log IM conversations, unencrypted password transactions, URL requests, and more.


Our company has decided that public IM services should not be used; however, for internal communication, IM can be a very useful tool, especially when you have offices spread across a large geographical area. Running your own internal IM server is easier than you might think. Jabberd is an implementation of the common messaging protocol, now known as XMPP (Extensible Messaging and Presence Protocol). There are server implementations available for various platforms including Windows and Linux; this is also true of client applications (I personally use <a href="http://psi.affinix.com/">PSI</a>). The best thing about this implementation of an internal IM server is that it's free, and there are no complex licensing schemes regardless of how many users you want to have on the system. Logs can be archived in files or SQL format, whichever you feel more comfortable with. If the configuration seems too complex or you would rather use a commercial solution, take a look at <a href="http://www.jabber.com/">Jabber Inc</a>.


IM in the financial services sector is a very hot topic at the moment and promises to continue as new regulations put IT policies to the test. <a href="http://talk.google.com/">Google</a> is just starting to release its IM service, while <a href="http://www.microsoft.com/mac/products/office2004/using.aspx?pid=usingoffice2004&type=howto&article=/mac/library/how_to_articles/office2004/of_messatwork.xml">Microsoft</a> is trying to push the use of MSN Messenger within a business environment--the firewall-bypassing efforts made by its application back up this policy. New problems for IT departments to solve will follow...


I would be interested to hear readers' comments on this topic; do you know other methods for blocking or logging IM conversations? Let me know.


Managing IM compliance challenges

by john.francis In reply to Managing IM compliance ch ...

We are investigating using our virus protection software to block IM by identifying the various IM executables (at least for the most popular IM software) as "unwanted programs", thereby removing the executables from the PC. If they don't have it, they can't run it.


Managing IM compliance challenges

by Justin Fielding In reply to Managing IM compliance ch ...

Sounds like a good approach. How do you plan to stop smarter users? Those who will use a third-party application like Trillian (there are loads out there) or even an e-messenger.net type of website?


Need some free storage?

by Justin Fielding In reply to In my own words...

While surfing the net I found an interesting little program called "GMail Drive". This nifty little Windows shell extension will allow your 2GB Gmail account to be used as storage. Files are basically added to your account in the form of an e-mail with the file attached; you can access the files as you would with any other network drive, as it integrates the storage with Windows Explorer. The web address is <a href="http://www.viksoe.dk/code/gmail.htm">http://www.viksoe.dk/code/gmail.htm</a>

Actually it reminded me of a similar project I saw a while back called GMailFS, which allowed you to mount your Gmail account as a Linux filesystem. After a quick Google search I found this <a href="http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html">project's homepage</a> and it seems that it is still being actively maintained.


I'm sure neither are very secure, reliable or practical; still, they are a novel use of the free storage being offered to users.


Need some free storage?

by WDMilner In reply to Need some free storage?

On the matter of security in reference to GMailFS, you might look at another file system by Valient Gough called EncFS at <a href="http://pobox.com/~vgough/encfs.html" title="EncFS Encrypted Filesystem">http://pobox.com/~vgough/encfs.html</a>. It can be used in conjunction with GMailFS to create a remote encrypted file system.

In visiting the GMailFS project page I noticed an advert for Streamload. It's a commercial offering that has a free option of 10GB storage (contrary to the advertised "free unlimited") with 100MB download limit a month. This might be just the ticket for some "quick and dirty" file storage when on the road. Probably not the most robust solution compared to things like strongspace.com but certainly adequate for low volume/security files.


Linux in the news & 64-bit

by Justin Fielding In reply to In my own words...

Reading through this week's edition of Computer Weekly I notice that there are frequent references to the use of Linux in the enterprise. Kevin Hughes, a nautical equipment manufacturer, has moved over to 64-bit Linux running Oracle on HP Itanium machines. I think Linux offers a considerable advantage over Windows when it comes to running on a 64-bit base (the 64-bit versions of Windows that I have tried didn't seem too stable). I'm not quite sure why the article said that they are leading the way; our company (of a similar size) has been running Oracle-based applications on a 64-bit hardware and software base for quite some time. I guess it just fills some space in the magazine! Other mentions included Stirling University, who have improved performance three-fold and lowered costs. How? Oh, that's interesting: by moving over to HP Itanium-based servers running Linux. I'm not making accusations here, but it's interesting that both of these articles were written by the same author. I wonder if he also works for HP; no, surely not... Last but not least, I see that Dell are now offering a desktop system with NO Windows pre-installation. This saves money for enterprises using Linux on the desktop, as they would usually have to buy a PC pre-loaded with Windows and then wipe it out, which is a bit of a waste of a licence.


As our company runs all of our core services and systems on a Linux base, I find it very interesting to see how other companies are approaching its use. It seems that even for companies who would traditionally run with Windows, Linux is offering a real alternative when it comes to high-performance 64-bit processing. I'm rather surprised that people are choosing to go with the Itanium-based systems; we have both Itanium and AMD Opteron 64-bit systems. Both run SUSE Enterprise Server with Oracle 10g. The Opteron systems have outperformed the Itanium by such large margins that the Itaniums have actually been put on the shelf, as it were. The Opteron-based systems were also much cheaper than the Itaniums (truly a fraction of the price). I guess the big three providers (IBM, HP, SGI) are hoping that people don't notice the reduced cost and increased performance of the Opteron systems so that they can continue to sell their overpriced, underperforming Itanium-based hardware!


Is your Wireless infrastructure properly protected?

by Justin Fielding In reply to In my own words...

Wireless networking is fast becoming a service expected by
most enterprises. Being able to undock a laptop, walk around the office (for
meetings, impromptu brainstorms, etc.) and still have instant access to files
and data sources is seen as vital. For an IT department, the implementation of
wireless networking is relatively simple and inexpensive. The transfer speed
offered by wireless hardware is constantly increasing, making it a viable alternative
to wired LAN in some situations such as small offices with solid floors and
ceilings.


This all sounds great, but there has to be a catch, doesn't there? Well yes, the catch is security.


We go to great lengths to protect our wired networks from the outside world. What would you think if you started working for a company and found that they had no firewall protecting their Internet-facing services? Well, the same should apply to wireless services, as these face the outside world and are more vulnerable than you may think. A report put together by <a href="http://www.rsasecurity.com/press_release.asp?doc_id=4167&id=1034">RSA Security</a> in 2004 gives some horrific figures on the use of unencrypted wireless networks; this was as high as 72% in Milan! A <a href="http://www.cioupdate.com/trends/article.php/3489126">newer report</a> shows that the situation is still not under control--26% of access points in London were found to have the factory default settings. I decided to take my own survey and drove around a local town for 20 minutes. I picked up 372 individual access points! A massive 39% of these were open, 47% WEP encrypted, and 14% WPA protected. Most of these were obviously home broadband networks; however, a notable number were clearly advertising their location, including some businesses.


There are, of course, simple measures which can be taken to protect your network. 128-bit WEP encryption is available on almost all wifi equipment. This is as simple as generating a suitable encryption key (there are many utilities on the internet like <a href="http://www.andrewscompanies.com/tools/wep.asp">this one</a>) and then entering it in your AP's web interface. This will be enough to stop the guy in a coffee shop next door from connecting to the Internet via your network (rather than paying for the local hotspot access--who doesn't like a free lunch?). That's all very well, but will it protect your network from more shady characters? No is the simple answer; WEP encryption is easily crackable for those in the know. Hackers will be less interested in simply gaining free Internet access; they could have much more sinister intentions. First, don't advertise your network to the world. Hide your network SSID (some hardware offers this feature), and failing that you should at least use a random SSID rather than 'MyCompany.' I know that sounds silly, but you would be amazed how often this is the case.


If possible, use WPA encryption. While this is still not impregnable, it is a vast improvement over WEP, and most new equipment will allow the use of WPA. Another precaution you can take is to separate your wireless and wired networks on to different subnets, placing a firewall between them (much as you would with your Internet connection).


One thing which all network administrators should do on a regular basis is check the strength of their own networks. Scan your firewall and systems for the latest vulnerabilities or exploits, because you can be sure that someone else is doing this for you! The same applies to your wireless network--do you know how easy or difficult someone would find it to penetrate? One set of tools I have found very useful is that put together by the security group <a href="http://www.remote-exploit.org">remote-exploit.org</a>. You can boot from the Auditor LiveCD without the need for installation. You don't need a dedicated notebook--just pick one with compatible hardware, pop in the CD, and you're off (I use my IBM ThinkPad). It seems this set of tools is so complete that even the FBI uses it!


Explaining the theory behind testing WEP encryption is beyond the scope of this blog; however, here are several references which will explain things. Note that most of them refer to the Auditor LiveCD previously mentioned:


<ul>
<li><a href="http://www.compliancepipeline.com/160502612">This article from Tom's Networking</a> describes how FBI agents demonstrated WEP-cracking techniques using the Auditor distribution. There are also some suggestions for strengthening your wireless configuration.</li>
<li><a href="http://securityfocus.com/infocus/1814">This column from SecurityFocus</a> goes more in-depth on the subject of WEP cracking, with some interesting background information on the tools used in the cracking process.</li>
<li><a href="http://www.crimemachine.com/Tuts/Flash/wepcracking.html">Finally, this video</a> shows how shockingly easy it actually is to hack into a WEP-encrypted network. I followed this tutorial and audited my own home network; needless to say, I have now moved over to WPA encryption!</li>
</ul>


If you don't already follow security-related press and learn about so-called 'underground' techniques being used by hackers today, I can only urge you to do so. The only way to keep your networks secure is to fully understand the threats being faced and techniques used.
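The kind of self-audit the post above recommends, as an added example that is not part of the original post: it summarises a wireless survey into the open/WEP/WPA mix the author reports and flags access points that are open, WEP-only, still on a factory-default SSID, or advertising the owner's name. The scan format, BSSIDs, default-SSID list and organisation keyword are all constructed for illustration, not the output of any real scanner.

```python
"""Summarise a wireless survey: encryption mix plus the weak spots the post warns about."""
import csv
import io
from collections import Counter
from typing import Dict, List

# Constructed survey records (BSSIDs are made up); the column layout is this example's own.
SAMPLE_SCAN = """\
bssid,ssid,encryption
00:00:5e:00:53:01,linksys,NONE
00:00:5e:00:53:02,MyCompany,WEP
00:00:5e:00:53:03,default,WEP
00:00:5e:00:53:04,k7x9-guest,WPA
00:00:5e:00:53:05,MyCompany-WLAN,WPA2
00:00:5e:00:53:06,,NONE
00:00:5e:00:53:07,NETGEAR,WEP
"""

# Constructed list of names that usually mean an AP is still on factory settings.
DEFAULT_SSIDS = {"default", "linksys", "netgear"}
ORG_KEYWORDS = ["mycompany"]  # constructed: names that reveal who owns the network
OPEN_VALUES = ("", "NONE", "OPEN")


def parse_scan(text: str) -> List[Dict[str, str]]:
    """Read the constructed CSV survey into one dict per access point."""
    return list(csv.DictReader(io.StringIO(text)))


def encryption_mix(records) -> Dict[str, float]:
    """Percentage of access points per protection level (the post's 39/47/14 split)."""
    levels = Counter()
    for rec in records:
        enc = rec["encryption"].upper()
        levels["open" if enc in OPEN_VALUES else enc] += 1
    total = sum(levels.values()) or 1
    return {k: round(100.0 * v / total, 1) for k, v in sorted(levels.items())}


def weak_points(records) -> List[Dict[str, str]]:
    """Flag APs that are open or WEP-only, on a default SSID, or naming the organisation."""
    findings = []
    for rec in records:
        enc = rec["encryption"].upper()
        ssid = rec["ssid"].strip().lower()
        reasons = []
        if enc in OPEN_VALUES:
            reasons.append("open network")
        elif enc == "WEP":
            reasons.append("WEP only")
        if ssid in DEFAULT_SSIDS:
            reasons.append("factory-default SSID")
        if any(k in ssid for k in ORG_KEYWORDS):
            reasons.append("SSID names the organisation")
        if reasons:
            findings.append({"bssid": rec["bssid"], "ssid": rec["ssid"], "reasons": ", ".join(reasons)})
    return findings


if __name__ == "__main__":
    recs = parse_scan(SAMPLE_SCAN)
    print(encryption_mix(recs))
    for f in weak_points(recs):
        print(f"{f['bssid']}  {f['ssid'] or '<hidden>'}: {f['reasons']}")
```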


Is your Wireless infrastructure properly protected?

by conceptual In reply to Is your Wireless infrastr ...

This is solid information, but the vulnerabilities of WEP have been known for months. The FBI demo was news, but should have awakened everyone months ago. It also turns out that WPA has its problems; if possible, go with WPA2.


WPA explored

by Justin Fielding In reply to In my own words...


I have been doing a little research on the subject of WPA wireless protection. A good description of WPA along with its relative pros and cons can be found <a href="http://kbserver.netgear.com/kb_web_files/n101190.asp">here</a>, courtesy of Netgear.



As confirmed in this article on <a href="http://wifinetnews.com/archives/004428.html">Wi-Fi Net News</a>, WPA has been broken. This refers to the pre-shared key implementation of WPA (WPA-PSK); however, it doesn't seem that certificate-based WPA (802.1x RADIUS authentication) is vulnerable to this attack. Having not used RADIUS authentication previously, I was interested to see how much work would be required to get this up and running. I stumbled upon a great three-part article from <a href="http://www.linuxjournal.com/article/8151">Linux Journal</a>. The link provided is for the third instalment; I would suggest reading this part first, just to get an idea of what is involved and how it all works.

RADIUS authentication is an interesting prospect, with the possibility of using it for other purposes such as PPTP (VPN) connection auth and Windows login. The server can be set up so that it logs to an SQL database, making reporting quite simple. It would be interesting to hear from anyone who has this type of system in place.


WPA explored

by jmgarvin In reply to WPA explored

Awesome! Thanks a bunch!
