[ISN] Book Review - Securing IM and P2P Applications for the Enterprise
InfoSec News
isn at c4i.org
Wed Dec 28 14:19:59 EST 2005
http://books.slashdot.org/books/05/12/28/1622246.shtml
[ http://www.amazon.com/exec/obidos/ASIN/1597490172/c4iorg - WK]
Author: Paul Piccard
Pages: 454
Publisher: Syngress
Rating: 9
Reviewer: Ben Rothke
ISBN: 1597490172
Summary: How to get a handle on the increasing number of IM, P2P, and
IRC applications that are found on the corporate networks
Similarly, many organizations have deployed myriad security hardware
and software products in their infrastructure. But when it comes to
instant messaging and peer to peer applications, these applications
often execute below the radar of many security products. This is due
to the fact that the security infrastructure in many organizations was
not architected to deal with such applications. These applications
often have so much functionality that it obviates much of the security
afforded by the security hardware and software products.
Using file transfer as an example, many organizations have policies
and controls in place to stop the use of protocols such as ftp and
tftp. This is fine, but that will only work for the ftp protocol. File
transfer can still be carried out by most instant messaging clients,
and that can pose serious security risks.
With that, Securing IM and P2P Applications for the Enterprise
provides an excellent overview on how to handle, manage and secure IM,
P2P, and IRC applications. This book is written for security and
system administrators that need specific details on how to control and
secure IM, P2P and IRC applications in their organization.
The need to get a handle on IM and P2P is crucial given that IM has
turned into a global communications medium with most organizations
today reporting that they allow it for business usage. Many marketing
and technical support calls are now handled via IM and this translates
into well over 250 million IM users worldwide. P2P is great for
downloading music and movies, but that poses serious security and
legal liability risks when done on most corporate networks.
But with all the benefits that IM provides, it introduces many
security and privacy risks. IM viruses, identity theft issues,
phishing, spyware and SPIM (SPAM over IM) are just a few of the many
risks. These risks can turn into intellectual property losses and
legal liability issues especially when they are combined with targeted
attacks on corporate IM users. Companies that don't have an effective
way in which to deal with IM and P2P are in serious danger as most IM
and P2P threats fly under the radar of many traditional security
solutions.
The book has a fairly straightforward approach. Chapter 1 provides an
introduction to IM and the most common security issues that IM brings
into an organization. The bulk of the remainder of the book details
various different IM applications in Part 1 (AIM, Yahoo, MSN, ICQ,
Google, Skype), P2P applications in Part 2 (Gnutella, eDonkey/eMule,
BitTorrent, FastTrack) and IRC networks and applications in Part 3.
Each chapter details the specific architecture of each application,
its protocols, security issues, and solutions in which to secure the
application. System administrators can use many of the checklists to
quickly perform the initial steps necessary to secure their
organization from unauthorized IM, P2P, and IRC applications.
Each chapter also provides significant details about the internals on
how each application operates. In addition, various 3rd-party tools
that can be used to secure and limit the various applications are
listed.
Many companies are finding that a significant amount of their
bandwidth is being used by P2P applications and Part 2 describes how
to secure networks from the use of P2P applications. This is not
always an easy thing to carry out given that many P2P applications,
such as Gnutella, are designed to easily bypass many of the security
control mechanisms placed against them. Administrators will find that in
this case, simply blocking Gnutella ports will not block all Gnutella
traffic and the application still will be able to run. What is
required in this case is the use of a firewall that supports deep
packet inspection. Chapter 9 helpfully lists the commands to use when
using iptables to block Gnutella traffic.
Chapter 12 provides an interesting look at FastTrack, which is the P2P
protocol and network used by clients such as Grokster, Morpheus and
other file sharing programs. The chapter also uses Ethereal to detail
the internals of FastTrack.
Part 3 deals with IRC and is the sparsest part of the book. This is
due to the fact that P2P and IM are much more heavily used on
enterprise networks, which this book is geared to.
The only negatives about the book are its price, and some of its
formatting. At $49.95, it is on the higher-end of computer security
books, with the majority of such titles being in the $25.909 - $39.99
range. The formatting uses a font size that is somewhat larger than
other books. This seemingly serves to achieve a high page count.
In addition, the book often references tables of secondary information
that span a few pages (for examples, see pages 72-80, 115-120 and
more). Such information would be better served in a multiple-column
table in a smaller font. Printing the information in such a manner can
cut down on the page total, and save a few trees at the same time.
Besides those two minor issues, Securing IM and P2P Applications for
the Enterprise is a most helpful guide. Security and system
administrators can use the book to get a handle on the increasing
number of IM, P2P, and IRC applications that are found on the
corporate networks they support.
-=-
Ben Rothke, CISSP is a New York City based senior security consultant
with ThruPoint, Inc. and the author of Computer Security 20 Things
Every Employee Should Know (McGraw-Hill 2006) and can be reached at
ben at rothke.com