[Web4lib] IM Security

Chadwick, John, DCA john.chadwick at state.nm.us
Tue Mar 6 08:36:06 EST 2007


I stand corrected on the protocol statement. However, SMTP, POP3, and
IMAP do not do port scanning for open ports like some IM systems do. 

This is an older document, but does a good job of explaining IRC:

http://www.ciac.org/ciac/documents/CIAC-2318_IRC_On_Your_Dime.pdf

One quote in particular:

"A less useful method is to scan the semi-standard IRC ports 6666-6667.
However, IRC is not bound to these ports and intruders often use higher
port numbers in the 6555X range. To detect IRC activity using a port
scanning method one would have to continually scan these, and possibly other
ports, searching for an IRC response. For this to be successful two
requirements must be satisfied. First, the IRC agent is listening on
that port when the scan takes place. Secondly, the port scanner is able
to identify the IRC service response. It is conceivable that an IRC
response from a customized IRC server might incorporate a secret
response mechanism. This mechanism would prelude its identification as
being an IRC service by a standard or non-customized IRC port scanner."

And, there is a problem with blocking a large range of ports. We use a
non-Cisco firewall and found that in blocking the IRC range, using the
pre-defined settings on the device, we were unintentionally blocking
online registration to the local community college.

Some who responded to my message seemed to miss my last point. Even with
all the security risks for IM, there are legitimate uses and there is no
reason to block IM within a corporate network.

As to P2P technologies, there are security and copyright issues involved
with P2P that concern me. Our library is part of the State of New Mexico
network, and P2P is blocked at the state level. We have fought to have
many things opened up for our institution, but P2P is one that I cannot
get through.

John Chadwick


-----Original Message-----
From: Micah Stevens [mailto:micah at raincross-tech.com] 
Sent: Tuesday, March 06, 2007 1:15 AM
To: Chadwick, John, DCA
Cc: web4lib at webjunction.org
Subject: Re: [Web4lib] IM Security

On 03/05/2007 06:52 PM, Chadwick, John, DCA wrote:
> One of the major problems with IM is that it uses a protocol instead of
> a standard TCP/IP port. It is easy to filter out spam and viruses on
> e-mail because all traffic flows on port 25. IM just looks for the next
>
I hate to be nitpicky, but this statement is extremely misleading. Email
is a protocol just like anything else on the Internet. It actually uses
several (SMTP, POP3, IMAP, etc.) It also uses a port as does any TCP
connection. This is exactly how most instant messengers work, although
the specifics of the protocol are different. Although a protocol could
be designed to operate as you suggest, it would be incorrect to describe
all instant messengers as having this property. AIM for example uses
port 5900 to connect. MSN uses several ports depending on what is being
transferred (voice, files, etc.) however they are specific ports and can
be effectively firewalled. Without researching I cannot speak for all
the IM services that are available, but I think my point in general is
valid. If you have a specific example that disagrees, I'd be curious to
know.
> Also, since flavors of IM uses peer-to-peer
> technologies, your computer essentially becomes one with other
> computers, including those that are infected with viruses.
>
>   
Again misleading and incorrect depending on implementation. I will agree
however that these systems can be a portal for virii, and this is a very
valid concern. Inherently though this threat is no more so for Instant
messaging than for other methods of Internet communication such as web
browsing, email, etc. Secure implementation varies however as the
mentioned links suggest.

-Micah
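
The port-versus-response point in the CIAC quote above, as an added example that is not part of either message: it classifies the first bytes of a TCP stream by IRC message grammar instead of by port number. The flow names, hosts, ports and payloads are constructed sample data, and the "web-on-6667" flow is an assumed stand-in for a legitimate service that falls inside a blocked IRC port range.

```python
import re

# One IRC line (RFC 1459/2812): optional ":prefix ", then a command that is
# either a word or a three-digit numeric reply, then optional parameters.
IRC_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+|\d{3})(?: .*)?$")
# Commands commonly seen at the start of a session, from either side.
HANDSHAKE = {b"NICK", b"USER", b"PASS", b"CAP", b"NOTICE", b"PING", b"JOIN"}
IRC_PORTS = range(6666, 6668)  # the "semi-standard" ports named in the quote


def looks_like_irc(payload: bytes) -> bool:
    """True if the first lines of a stream parse as IRC handshake traffic.

    A customized server that changes its responses, as the quote warns,
    would not match; this only recognizes standard IRC syntax.
    """
    lines = [l for l in payload.split(b"\r\n") if l][:5]
    hits = 0
    for line in lines:
        m = IRC_LINE.match(line)
        if not m:
            return False  # a line that is not IRC-shaped ends the check
        cmd = m.group(1).upper()
        if cmd in HANDSHAKE or cmd.isdigit():
            hits += 1
    return hits >= 2  # require two handshake-like lines to limit false hits


def compare(flows):
    """Return (verdicts by port rule, verdicts by content) keyed by name."""
    by_port = {n: port in IRC_PORTS for n, port, _ in flows}
    by_content = {n: looks_like_irc(p) for n, _, p in flows}
    return by_port, by_content


# Constructed sample flows: (name, server port, first bytes of the stream).
FLOWS = [
    ("irc-standard", 6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\n"),
    ("irc-high-port", 65530,
     b":irc.example.net NOTICE AUTH :*** Looking up your hostname\r\n"
     b":irc.example.net 001 alice :Welcome\r\n"),
    ("web-on-6667", 6667,
     b"GET /register HTTP/1.1\r\nHost: college.example\r\n\r\n"),
]

if __name__ == "__main__":
    for label, verdicts in zip(("port rule", "content"), compare(FLOWS)):
        print(label, verdicts)
```

On this sample the port rule misses the high-port IRC session and flags the web request, while the content check gets all three right.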
