http://books.slashdot.org/books/05/12/28/1622246.shtml
[ http://www.amazon.com/exec/obidos/ASIN/1597490172/c4iorg - WK]
Author: Paul Piccard
Pages: 454
Publisher: Syngress
Rating: 9
Reviewer: Ben Rothke
ISBN: 1597490172
Summary: How to get a handle on the increasing number of IM, P2P, and
IRC applications that are found on the corporate networks
Similarly, many organizations have deployed myriad security hardware
and software products in their infrastructure. But when it comes to
instant messaging and peer to peer applications, these applications
often execute below the radar of many security products. This is due
to the fact that the security infrastructure in many organizations was
not architected to deal with such applications. These applications
often have so much functionality that it obviates much of the security
afforded by the security hardware and software products.
Using file transfer as an example, many organizations have policies
and controls in place to stop the use of protocols such as ftp and
tftp. This is fine, but that will only work for the ftp protocol. File
transfer can still be carried out by most instant messaging clients,
and that can pose serious security risks.
With that, Securing IM and P2P Applications for the Enterprise
provides an excellent overview on how to handle, manage and secure IM,
P2P, and IRC applications. This book is written for security and
system administrators that need specific details on how to control and
secure IM, P2P and IRC applications in their organization.
The need to get a handle on IM and P2P is crucial given that IM has
turned into a global communications medium with most organizations
today reported that they allow it for business usage. Many marketing
and technical support calls are now handled via IM and this translates
in to well over 250 million IM users worldwide. P2P is great for
downloading music and movies, but that that poses serious security and
legal liability risks when done on most corporate networks.
But with all the benefits that IM provides, it introduces many
security and privacy risks. IM viruses, identity theft issues,
phishing, spyware and SPIM (SPAM over IM) are just a few of the many
risks. These risks can turn into intellectual property losses and
legal liability issues especially when they are combined with targeted
attacks on corporate IM users. Companies that don't have an effective
way in which to deal with IM and P2P are in serious danger as most IM
and P2P threats fly under the radar of many traditional security
solutions.
The book has a fairly straightforward approach. Chapter 1 provides an
introduction to IM and the most common security issues that IM brings
into an organization. The bulk of the remainder of the book details
various different IM applications in Part 1 (AIM, Yahoo, MSN, ICQ,
Google, Skype), P2P applications in Part 2 (Gnutella, eDonkey/eMule,
BitTorrent, FastTrack) and IRC networks and applications in Part 3.
Each chapter details the specific architecture of each application,
its protocols, security issues, and solutions in which to secure the
application. System administrators can use many of the checklists to
quickly perform the initial steps necessary to secure their
organization from unauthorized IM, P2P, and IRC applications.
Each chapter also provides significant details about the internals on
how each application operates. In addition, various 3rd-party tools
that can be used to secure and limit the various applications are
listed.
Many companies are finding that a significant amount of their
bandwidth is being used by P2P applications and Part 2 describes how
to secure networks from the use of P2P applications. This is not
always an easy thing to carry out given that many P2P applications,
such as Gnutella are designed to easily bypass many of the security
control mechanisms placed against it. Administrators will find that in
this case, simply blocking Gnutella ports will not block all Gnutella
traffic and the application still will be able to run. What is
required in this case is the use of a firewall that supports deep
packet inspection. Chapter 9 helpfully lists the commands to use when
using iptables to block Gnutella traffic.
Chapter 12 provides an interesting look at FastTrack, which is the P2P
protocol and network used by clients such as Grokster, Morpheus and
other file sharing programs. The chapter also uses Ethereal to detail
the internals of FastTrack.
Part 3 deals with IRC and is the sparsest part of the book. This is
due to the fact the P2P and IM are much more heavily used on
enterprise networks, which this book is geared to.
The only negatives about the book are its price, and some of its
formatting. At $49.95, it is on the higher-end of computer security
books, with the majority of such titles being in the $25.909 - $39.99
range. The formatting uses a font size that is somewhat larger than
other book. This seemingly serves to achieve a high page count.
In addition, the book often references tables of secondary information
that spans a few pages (for examples see pages 72-80, 115-120 and
more). Such information would be better served in a multiple-column
table in a smaller font. Printing the information in such a manner can
cut down on the page total, and save a few trees at the same time.
Besides those two minor issues, Securing IM and P2P Applications for
the Enterprise is a most helpful guide. Security and system
administrators can use the book to get a handle on the increasing
number of IM, P2P, and IRC applications that are found on the
corporate networks they support.
-=-
Ben Rothke, CISSP is a New York City based senior security consultant
with ThruPoint, Inc. and the author of Computer Security 20 Things
Every Employee Should Know (McGraw-Hill 2006) and can be reached at
ben@private"
_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 18:56:39 PST