Companies target IM, peer-to-peer threats

Real-time communications vendors Akonix and FaceTime this week are expected to beef up their security gateways to lock down the avenues that viruses and malware travel using instant messaging and peer-to-peer programs.

The vendors are adding support for blocking many peer-to-peer protocols and IM clients.

IM and peer-to-peer file-sharing programs made the SANS Institute's list of top 20 vulnerabilities this year. The report says IM vulnerabilities come in the form of remotely executed buffer overflows, such as the recent exploit using JPEG files; URL/malicious link-based attacks; file-transfer vulnerabilities; and ActiveX exploits.

Peer-to-peer vulnerabilities include denial-of-service attacks and unauthorized file access. Peer-to-peer use also can raise legal issues related to distribution of copyrighted material.

"If you take a look at a lot of IT departments they will say they don't have consumer IM or [peer-to-peer] apps in use, and then you put a sniffer on the network and you find there are a bazillion connections per day to all of these," says Michael Osterman, president of Osterman Research. He says vendors such as Akonix and FaceTime are bringing awareness to the issue. "These vulnerabilities are becoming more of a problem, but at the same time people are becoming more aware of the fact that bad stuff is out there."

Akonix is set to announce Version 4.0 of its Enforcer gateway, which sits at the edge of a network, monitors outbound traffic, and blocks IM and peer-to-peer protocols. Enforcer works in conjunction with Akonix's L7 Enterprise server, which lets companies manage IM by blocking it outright or controlling its use with specific policies.

Akonix is adding support to Enforcer for peer-to-peer applications eDonkey and BitTorrent, and the ability to block Internet Relay Chat, which often is used as a back channel by malicious software.

Enforcer also is being upgraded with the ability to look inside encapsulated virtual LAN traffic, support for multiple network interface cards in a single server, and identity services to tie Enforcer to corporate directories.

"I liken the [peer-to-peer] file sharing to the old game of Whack-a-Mole; once one is whacked down some teenager somewhere creates another protocol that is even harder to detect," says Francis Costello, chief marketing officer at Akonix.

Enforcer 4.0 is scheduled to ship in the next 30 days, priced at US$7,000 per 1,000 nodes.

FaceTime is set to introduce Version 2.0 of Real-Time Guardian 500 (RTG), a Linux-based network appliance that can monitor and block IM and peer-to-peer traffic. The appliance is being updated with the capability to block Koala DC, BitTorrent and Azureus peer-to-peer applications. FaceTime also is adding the ability to detect embedded vulnerabilities in IM traffic, such as the JPEG exploit.

RTG 500 2.0 also includes an auto-update feature for blocking peer-to-peer applications on the fly, and FaceTime is expected to announce it has formed an internal group to research the latest vulnerabilities, worms and viruses, and create signatures that can be uploaded into Version 2.0.

In addition, the group, called the FaceTime Instant Response Security Team, is scheduled to develop a set of tools and best practices to assess vulnerability; the tool will be made available free to users.

RTG 500 2.0 is priced at US$5,000 per appliance and US$15 per user for 1,000 users.

