Best IM security appliance/Firewall
Dear Experts,
Organization size: 400 users
Currently using : Public MSN
I need some guidance in regard to choosing a corporate IM solution and the security that should go with it.
What we want:
- Able to avoid worms, poison URL's, virus, etc.
- Control over the sessions in real time
- monitor buddies/contact lists. To be able to remove/edit contact list once the user leaves the organization
- Force them to use user@organization'sdomain.
- Archive the sessions
- Encrypted sessions In and out of the network
- LDAP connectivity
1- If we get a IM security appliance does it matter if I stay with MSN or if we switched to a solution such as the OCS client/ corporate client?
2-Here is a list of vendors I found. I wonder how familiar you are with their appliances/software:
http://www.ciphertrust.com/products/ironim/
http://www.barracudanetworks.com/ns/products/im_overview.php
http://www.akonix.com/products/a1000.asp
http://www.jabber.com/CE/JabberNowFeatures
http://www.symantec.com/business/im-manager
http://www.facetime.com/productservices/enterpriseedition.aspx
Thanks and I appreciate your time and expertise,
John
Organization size: 400 users
Currently using : Public MSN
I need some guidance in regard to choosing a corporate IM solution and the security that should go with it.
What we want:
- Able to avoid worms, poison URL's, virus, etc.
- Control over the sessions in real time
- monitor buddies/contact lists. To be able to remove/edit contact list once the user leaves the organization
- Force them to use user@organization'sdomain.
- Archive the sessions
- Encrypted sessions In and out of the network
- LDAP connectivity
1- If we get a IM security appliance does it matter if I stay with MSN or if we switched to a solution such as the OCS client/ corporate client?
2-Here is a list of vendors I found. I wonder how familiar you are with their appliances/software:
http://www.ciphertrust.com/products/ironim/
http://www.barracudanetworks.com/ns/products/im_overview.php
http://www.akonix.com/products/a1000.asp
http://www.jabber.com/CE/JabberNowFeatures
http://www.symantec.com/business/im-manager
http://www.facetime.com/productservices/enterpriseedition.aspx
Thanks and I appreciate your time and expertise,
John
that1guy15
I would suggest MS OCS for the expandability and integration into your AD network along with interaction with Office and other MS applications.
For security, it's jabber. http://en.wikipedia.org/wiki/Jabber
Jabber has been adopted by AOL, Google and others, cisco has also aquired jabber, however, jabber is encrypted all the way via TLS. http://xmpp.org/rfcs/rfc3920.html#tls
It can also be used for intranet IM'ing as well as public messaging. While you cannot easily monitor your users, on the wire, if your an admin you can certainly audit the users PC. The nature of encryption negates making it easy to evesdrop, snoop on traffic/messages. JabberNow is an appliance that integrates with AD and makes setup a cinch http://www.jabber.com/ using such an appliance you can in fact archive conversations:Message Archiving and Reporting for Compliance|
Add-on| http://www.jabber.com/CE/JabberNowFeatures
-rich
Jabber has been adopted by AOL, Google and others, cisco has also aquired jabber, however, jabber is encrypted all the way via TLS. http://xmpp.org/rfcs/rfc3920.html#tls
It can also be used for intranet IM'ing as well as public messaging. While you cannot easily monitor your users, on the wire, if your an admin you can certainly audit the users PC. The nature of encryption negates making it easy to evesdrop, snoop on traffic/messages. JabberNow is an appliance that integrates with AD and makes setup a cinch http://www.jabber.com/ using such an appliance you can in fact archive conversations:Message Archiving and Reporting for Compliance|
Add-on| http://www.jabber.com/CE/JabberNowFeatures
-rich
ASKER
Richrumble,
The thing about Jabber is that our organization has about 400 people and Jabbernow can be licensed for up to 200 people. I also do not know if it is a good idea to commit to a company that is in a transition period.
The thing about Jabber is that our organization has about 400 people and Jabbernow can be licensed for up to 200 people. I also do not know if it is a good idea to commit to a company that is in a transition period.
That's the appliance, the protocol is open and you can run your own server, see jabber.org as opposed to .com. There is an app called BanderSnatch that can log all conversations that pass through your jabber server, http://www.funkypenguin.info/tag/bandersnatch/
I've just tried it out and it works very well! Even logs conversations from my gmail to my internal, so I might have to do more research and testing to see if my clients would also benefit from it.... learn something everyday...
-rich
I've just tried it out and it works very well! Even logs conversations from my gmail to my internal, so I might have to do more research and testing to see if my clients would also benefit from it.... learn something everyday...
-rich
ASKER
richrumble,
Our main goal is to prevent worms, viruses, phishing, poison URLs and so on. I do not see how running my own open source jabber server could prevent that. Once the users start chatting with yahoo, MSN users we would still be exposed to all the threats.
John
Our main goal is to prevent worms, viruses, phishing, poison URLs and so on. I do not see how running my own open source jabber server could prevent that. Once the users start chatting with yahoo, MSN users we would still be exposed to all the threats.
John
ONe of the reasons i mentioned OCS was because if its working behind a ISA server then you will have additional controls to better secure OCS
Google "OCS and ISA" and you will see several articles on securing OCS with ISA
Google "OCS and ISA" and you will see several articles on securing OCS with ISA
Users will find a way to infect you still, and if they can't use their preferred IM clients, they will install their own. Users should not be local admin's of their machines that will stop 98% of viri from spreading right there http://www.xinn.org/win_bestpractices.html
http://nonadmin.editme.com/
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
And even then, users will visit Meebo.com, aim.com, messenger.yahoo.com, messenger.msn.com and use the online versions... so mitigation via users access rights is probably the best overall change you can do. When our company locks users down, moving them from admins to users group, and they can no longer install or use the software they preferred, they always visit sites like meebo etc.. and while they do not get infected with spyware or virii they do tend to get BHO's (browser helper objects) in IE, like the Vundo virus. We move them to FireFox and we don't have to worry about virii much at all. Phishing there is no IM client or software that is even 80% accurate... google however is pretty good about marking sites as phishing and spyware, and FireFox happens to use the Google Safe browsing API... It's one of the best defenses we've used and it's free. We've demo'd Sophos, WebWasher, SafeSquid, WebSense and on and on... they aren't as up2date as google is when it comes to marking sites. Sophos has since started using the Google SB API in addition to it's own heuristics.
Security is a process, not a program. I hope this helps.
-rich
http://nonadmin.editme.com/
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
And even then, users will visit Meebo.com, aim.com, messenger.yahoo.com, messenger.msn.com and use the online versions... so mitigation via users access rights is probably the best overall change you can do. When our company locks users down, moving them from admins to users group, and they can no longer install or use the software they preferred, they always visit sites like meebo etc.. and while they do not get infected with spyware or virii they do tend to get BHO's (browser helper objects) in IE, like the Vundo virus. We move them to FireFox and we don't have to worry about virii much at all. Phishing there is no IM client or software that is even 80% accurate... google however is pretty good about marking sites as phishing and spyware, and FireFox happens to use the Google Safe browsing API... It's one of the best defenses we've used and it's free. We've demo'd Sophos, WebWasher, SafeSquid, WebSense and on and on... they aren't as up2date as google is when it comes to marking sites. Sophos has since started using the Google SB API in addition to it's own heuristics.
Security is a process, not a program. I hope this helps.
-rich
ASKER
RichRumble,
That is great advice and I appreciate you being so honest and educational at the same time. Since you started the subject, how can I get around this if for our main propietary program to run on each computer local admin rights are needed?.This is a company that develops software and about 70% of the user needs to install this app and run it to test before it goes out to our customers.
Could they just be Power users? I do not even know the main difference between this kind of users and local admins
Thanks
That is great advice and I appreciate you being so honest and educational at the same time. Since you started the subject, how can I get around this if for our main propietary program to run on each computer local admin rights are needed?.This is a company that develops software and about 70% of the user needs to install this app and run it to test before it goes out to our customers.
Could they just be Power users? I do not even know the main difference between this kind of users and local admins
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.