Solved

Best IM security appliance/Firewall

Posted on 2008-10-29
Last Modified: 2010-04-09
Dear Experts,

Organization size: 400 users
Currently using : Public MSN

I need some guidance in regard to choosing a corporate IM solution and the security that should go with it.

What we want:

- Able to avoid worms, poison URLs, viruses, etc.
- Control over the sessions in real time
- Monitor buddies/contact lists. To be able to remove/edit contact list once the user leaves the organization
- Force them to use user@organization'sdomain.com as their sign on. Or mask it somehow
- Archive the sessions
- Encrypted sessions In and out of the network
- LDAP connectivity

1- If we get an IM security appliance, does it matter if I stay with MSN or if we switch to a solution such as the OCS client/corporate client?

2-Here is a list of vendors I found. I wonder how familiar you are with their appliances/software:

http://www.ciphertrust.com/products/ironim/

http://www.barracudanetworks.com/ns/products/im_overview.php

http://www.akonix.com/products/a1000.asp

http://www.jabber.com/CE/JabberNowFeatures

http://www.symantec.com/business/im-manager

http://www.facetime.com/productservices/enterpriseedition.aspx


Thanks and I appreciate your time and expertise,

John

0
Comment
Question by:JohnRamz
11 Comments
 
LVL 23

Expert Comment

by:that1guy15
ID: 22835023
I would suggest MS OCS for the expandability and integration into your AD network along with interaction with Office and other MS applications.

0
 
LVL 7

Expert Comment

by:aboredman
ID: 22835021
Check the products from St Bernard...

http://www.stbernard.com/products/products.asp
0
 
LVL 6

Expert Comment

by:Emredrum76
ID: 22837896
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 22837959
For security, it's jabber. http://en.wikipedia.org/wiki/Jabber
Jabber has been adopted by AOL, Google and others; Cisco has also acquired Jabber. However, Jabber is encrypted all the way via TLS. http://xmpp.org/rfcs/rfc3920.html#tls
It can also be used for intranet IM'ing as well as public messaging. While you cannot easily monitor your users on the wire, if you're an admin you can certainly audit the user's PC. The nature of encryption negates making it easy to eavesdrop or snoop on traffic/messages. JabberNow is an appliance that integrates with AD and makes setup a cinch (http://www.jabber.com/); using such an appliance you can in fact archive conversations: "Message Archiving and Reporting for Compliance" (add-on), http://www.jabber.com/CE/JabberNowFeatures
-rich
0
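A check for the RFC 3920 TLS negotiation cited in the comment above, as an added example that is not part of the original thread: XMPP negotiates TLS in-band with STARTTLS, which the server advertises in its stream features and marks with a `<required/>` child when clients may not proceed without it. The function names and the sample fragments are constructed for illustration; 5222 is the standard client port.

```python
import socket
import xml.etree.ElementTree as ET

STREAMS_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL = "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms>"

# Constructed sample fragments (not captured from a real server).
REQUIRED_SAMPLE = (f"<stream:features><starttls xmlns='{TLS_NS}'><required/></starttls>"
                   f"{SASL}</stream:features>")
OPTIONAL_SAMPLE = f"<stream:features><starttls xmlns='{TLS_NS}'/>{SASL}</stream:features>"
ABSENT_SAMPLE = f"<stream:features>{SASL}</stream:features>"

def tls_policy(features_xml):
    """Classify a <stream:features/> fragment as 'required', 'optional' or 'absent'."""
    # On the wire the 'stream' prefix is declared on the enclosing <stream:stream>,
    # so wrap the fragment in a root element that declares it before parsing.
    root = ET.fromstring(f"<w xmlns:stream='{STREAMS_NS}'>{features_xml}</w>")
    starttls = root.find(f"{{{STREAMS_NS}}}features/{{{TLS_NS}}}starttls")
    if starttls is None:
        return "absent"      # no TLS offered: logins and messages travel in clear text
    if starttls.find(f"{{{TLS_NS}}}required") is not None:
        return "required"    # server refuses to continue without TLS
    return "optional"        # a client may skip TLS, so encryption is not guaranteed

def fetch_features(host, domain, port=5222, timeout=5.0):
    """Open a client stream to your own server and return its first features element."""
    header = (f"<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
              f"xmlns='jabber:client' xmlns:stream='{STREAMS_NS}'>")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        buf = b""
        while b"</stream:features>" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("stream closed before features were sent")
            buf += chunk
    text = buf.decode("utf-8", "replace")
    end = text.index("</stream:features>") + len("</stream:features>")
    return text[text.index("<stream:features"):end]

if __name__ == "__main__":
    for name, sample in [("required", REQUIRED_SAMPLE), ("optional", OPTIONAL_SAMPLE),
                         ("absent", ABSENT_SAMPLE)]:
        print(name, "->", tls_policy(sample))
```

Against a live server, `tls_policy(fetch_features(host, domain))` returning anything other than `required` means the "encrypted sessions in and out of the network" requirement depends on each client's settings.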
 

Author Comment

by:JohnRamz
ID: 22840431
Richrumble,

The thing about Jabber is that our organization has about 400 people and Jabbernow can be licensed for up to 200 people. I also do not know if it is a good idea to commit to a company that is in a transition period.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 22840762
That's the appliance, the protocol is open and you can run your own server, see jabber.org as opposed to .com. There is an app called BanderSnatch that can log all conversations that pass through your jabber server, http://www.funkypenguin.info/tag/bandersnatch/
I've just tried it out and it works very well! Even logs conversations from my Gmail to my internal, so I might have to do more research and testing to see if my clients would also benefit from it.... learn something every day...
-rich
0
 

Author Comment

by:JohnRamz
ID: 22841830
richrumble,

Our main goal is to prevent worms, viruses, phishing, poison URLs and so on. I do not see how running my own open source Jabber server could prevent that. Once the users start chatting with Yahoo and MSN users, we would still be exposed to all the threats.

John


0
 
LVL 23

Expert Comment

by:that1guy15
ID: 22841982
One of the reasons I mentioned OCS was because if it's working behind an ISA server then you will have additional controls to better secure OCS.

Google "OCS and ISA" and you will see several articles on securing OCS with ISA
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 22842132
Users will find a way to infect you still, and if they can't use their preferred IM clients, they will install their own. Users should not be local admins of their machines; that will stop 98% of viruses from spreading right there. http://www.xinn.org/win_bestpractices.html
http://nonadmin.editme.com/
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
And even then, users will visit Meebo.com, aim.com, messenger.yahoo.com, messenger.msn.com and use the online versions... so mitigation via users' access rights is probably the best overall change you can make. When our company locks users down, moving them from the admins to the users group, and they can no longer install or use the software they preferred, they always visit sites like Meebo, etc., and while they do not get infected with spyware or viruses they do tend to get BHOs (browser helper objects) in IE, like the Vundo virus. We move them to Firefox and we don't have to worry about viruses much at all. For phishing, there is no IM client or software that is even 80% accurate... Google, however, is pretty good about marking sites as phishing and spyware, and Firefox happens to use the Google Safe Browsing API... It's one of the best defenses we've used and it's free. We've demo'd Sophos, WebWasher, SafeSquid, WebSense and on and on... they aren't as up to date as Google is when it comes to marking sites. Sophos has since started using the Google SB API in addition to its own heuristics.
Security is a process, not a program. I hope this helps.
-rich

0
 

Author Comment

by:JohnRamz
ID: 22960658
RichRumble,

That is great advice and I appreciate you being so honest and educational at the same time. Since you started the subject, how can I get around this if local admin rights are needed for our main proprietary program to run on each computer? This is a company that develops software, and about 70% of the users need to install this app and run it to test before it goes out to our customers.

Could they just be Power Users? I do not even know the main difference between these kinds of users and local admins.

Thanks
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 22966798
You can use Runas, and you can also try to figure out if power user can in fact give your users enough rights to run/install the apps. http://xinn.org/RunasVBS.html
http://technet.microsoft.com/en-us/library/bb742509.aspx
Power Users can:
Install and remove applications per computer that do not install system services.
Customize system-wide resources (for example, System Time, Display Settings, Shares, Power Configuration, Printers, and so forth).
Power Users are not allowed to access other users' data stored on an NTFS partition.
In practice, Power Users cannot install many legacy applications, because these applications attempt to replace operating system files during the setup process.
-rich
0
