By Sarah Gain
Nortel urges Middle Eastern organisations to take new security measures for instant messaging (IM).
Virus attacks, worm infiltrations and poor data tracking are some of the key concerns as the number of instant messaging (IM) users in the region’s corporate environment increases at staggering rate and Nortel Networks is advising organisations to reconsider the way they look at network security as a result of the growing number of people using IM applications in their everyday work environment.
Though popular as an effective communications tool, IM is a security nightmare for most companies as employees are communicating with colleagues and customers with no record of transactions, compromising on some fundamental corporate information and in many cases. The service is also a known conduit for new viruses and worms that can attack business applications and render entire IT systems useless.
According to findings from a recent survey from Sybari, a majority of business professionals in the EMEA region classified viruses as their biggest concern in regards to IM, followed by other issues such as data filtering, tracking and archiving. According to Ramin Attari, vice president Middle East for Nortel Networks, “It is clear that companies are worried about virus attacks, the impact of users sharing corporate information and the lack of logging of conversations that may contain commercially impacting decisions.”
In the past viruses were spread at a much slower rate, but now IM can also mean instant virus sharing. The ICSA Virus Prevalence Survey 2003 revealed that file viruses took months to years to spread widely, Macro viruses took weeks to months, and mass mailers took days. Code Red took about 12 hours and SQL Slammer affected the world in about ten minutes.
There are now 50 worms and viruses which can be shared using IM. Some use the buddies and friend lists to forward the virus, pretending to be creating messages from a user’s own account, and this could get worse. There is the potential for trojans that copy personal IM information such as buddy lists, passwords and log files, which could go on to copy information using IM as an access method, such as IP addresses, system information, and then either remotely control that PC or use the platform to spread faster.
Many organisations in the Middle East have banned IM to avoid these risks, however, this stops users from benefiting from productivity improvements generated by the service. IM uses popular communication ports to access networks, such as TCP port 80, which is also used by browsers. Traditional firewall products allow administrators to control traffic by port, so the only way to stop all IM would also stop all web activity.
By taking a look inside each packet of data at the point of entry to an organisation, at the network boundary, it can be determined if the packet is an IM packet or not, and hence discard unwanted messages. However, if this is performed in software, the network delay could be significant enough to stop delay-sensitive IP telephony traffic, so organisations need to use a high-speed data product to provide high speed, deep packet inspection to protect these networks.