Instant Messaging Security and Firewalls - PowerPoint PPT Presentation

Slides: 18
Provided by: Sri672
Transcript and Presenter's Notes

1
Instant Messaging Security and Firewalls
2
IM Security and Firewalls
  • IM types
  • IM vulnerabilities
  • New IM products
  • Firewalls
    • NAT, PAT
    • Packet filtering
    • Proxy Server
    • Stateful packet inspection
    • Access control lists

3
IM types
  • Two basic types of IM
    • Enterprise IM
    • Consumer IM
  • IMs in use today are
    • AIM (AOL IM)
    • MSN Messenger
    • Yahoo Messenger
    • IRC (Internet Relay Chat)
    • ICQ (I Seek You)

4
Instant Messenger
  • IM uses real-time communication
  • IM can be used only with clients who are online
    at that time
  • IM operates in peer-to-peer or peer-to-network
    models
  • IM transports sensitive and confidential data
  • IM sends plain text over public networks
  • AIM is the most used IM system followed by ICQ

5
Instant Messenger
  • IM uses username and password for authentication
  • IM requires immediate response, unlike email
  • IM can transfer files

6
IM Vulnerabilities
  • In peer-to-peer model, actual IP address of the
    client is exposed
  • In peer-to-network model, the network
    authenticates the client and then provides IM
    service
  • Files attached to IM messages are not scanned by
    servers. This could allow Trojan horses and
    viruses to be transmitted easily
  • IM has the ability to remotely control desktops
  • Since IM requires immediate response, people may
    not have enough time to think and act when a
    request for information arrives

7
IM Vulnerabilities
  • IM uses both TCP and UDP ports that are not
    usually monitored
  • IM uses higher range ports that are usually not
    monitored
  • Different IMs use different sets of ports

8
New IM products
  • Encryption is available with IM products on an
    optional basis
  • A firewall can block all IM ports
  • Enterprise AIM and Trillian are two products that
    provide encryption

9
Firewalls
  • Most well-known security mechanism today
  • Enforces a security mechanism between a trusted
    internal network and an untrusted external
    network
  • Types of firewalls are
    • NAT, PAT
    • Packet-filtering
    • Proxy server
    • Stateful packet inspection
    • Access Control Lists (ACL)

10
Firewalls
  • Packet filtering firewalls are basically routers
    with advanced filtering techniques. Cisco calls
    packet filters Access Control Lists (ACLs)
  • Sample Cisco IOS commands for an ACL
    • access-list 101 permit tcp any 1.2.3.4 0.0.0.0 eq 80
    • access-list 101 deny ip any 1.2.3.4 0.0.0.0
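
The two ACL lines on this slide can be traced with a small evaluator. The Python below is an added example, not part of the original presentation and not Cisco code; `parse_rule`, `evaluate` and the sample packets used with it are hypothetical names and constructed values, and only the `any`, `host A`, `A WILDCARD` and numeric `eq PORT` forms are handled. It shows first-match evaluation, wildcard masks, and the implicit deny that ends every IOS ACL.

```python
import ipaddress

# Added illustration: the two ACL lines from the slide (wildcard 0.0.0.0 = exactly that host).
ACL_101 = [
    "access-list 101 permit tcp any 1.2.3.4 0.0.0.0 eq 80",
    "access-list 101 deny ip any 1.2.3.4 0.0.0.0",
]

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (addr_int, wildcard_int)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))

def parse_rule(line):
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    rule = {"action": t[2], "proto": t[3], "dport": None}
    rest = t[4:]
    rule["src"] = _take_addr(rest)
    rule["dst"] = _take_addr(rest)
    if rest[:1] == ["eq"]:
        rule["dport"] = int(rest[1])
        rest = rest[2:]
    if rest:
        raise ValueError(f"unsupported tokens {rest} in {line!r}")
    return rule

def _addr_match(spec, ip):
    addr, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet; the first matching line wins."""
    for rule in map(parse_rule, acl_lines):
        if rule["proto"] not in ("ip", proto):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        if _addr_match(rule["src"], src) and _addr_match(rule["dst"], dst):
            return rule["action"]
    return "deny"  # implicit "deny ip any any" at the end of every IOS ACL
```

Swapping the two lines makes the `deny ip` entry match first, so even TCP port 80 to 1.2.3.4 is dropped; traffic to any other destination falls through to the implicit deny.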

11
Firewalls
  • Proxy servers are application gateways
  • Proxies are partially aware of protocol states
    and fully aware of application states
  • Proxies are rarely transparent to users
  • Proxies are resource intensive
  • Considered to be first generation firewalls
  • Proxies are not easily scalable
  • SOCKS is an example of a proxy server

12
Firewalls
  • Proxy servers are also known as application
    gateways
  • Application gateways send packets only to
    designated computers
  • Advantages
    • Information hiding (protects the name of the real
      servers)
    • Robust authentication (monitor all traffic)
    • Filtering

13
DMZ
  • Demilitarized Zone is the area between the
    outside world and the trusted internal network
    where publicly accessed servers are placed
  • Bastion hosts are computers that reside in the
    DMZ and are exposed to attacks

14
DMZ diagram
15
Firewalls
  • Stateful firewalls are currently the standard
  • Check Point Software Technologies developed the
    first stateful firewall
  • Stateful firewalls
    • Access and analyze data derived from all
      communication layers
    • State and context information is cached and
      updated dynamically
    • Work with connection-oriented protocols (TCP)
    • Work with connection-less protocols (UDP, RPC)
    • Any traffic not explicitly allowed by the rules
      is discarded

16
References
  • www.ceruleanstudios.com has information about
    Trillian IM

17
Security Scenario to Solve
  • Firewalls have been the mainstay of access
    control that keeps intruders out. However,
    backdoor entries into firewalls are left.
    Research this topic to see how such backdoor
    entry points are devised, why they are needed,
    and what can be done to minimize attacks through
    backdoor entries.