|
WEB IM (Web Instant Messenger) platforms provide computer
users with WEB interfaces that allow them to have Instant
Messenger services such as MSN and Yahoo. The convenience
offered by WEB IM, however, also raises several challenges to
corporations wanting to control the use of IM:
1. Corporate users could open a web browser, type the
URLs of WEB IM sites, and easily connect to Web IM sites. Such
practice cannot be controlled by a firewall because most
corporations allow outgoing network access via TCP/80
(HTTP).
2. Simply blocking URLs of WEB IM sites would not work.
The reason is that internal users could try to access an
external HTTP proxy server first and then connect to WEB IM
sites.
3. Nearly all IM auditors target on traditional IM
programs only, and therefore, an internal user can easily
circumvent an IM auditor's logging of their chatted messages
if these users use WEB IM services.
4. According to BSST's research, some WEB IMs such as
iLoveIM.com and eBuddy.com do not encrypt a user's account
name and password during network packets transmission. A
malicious user can sniff network traffics and easily obtain a
user's IM account and password.
A layer-7 device, NetKeeper parses WEB IM traffics
according to their protocols, and therefore NetKeeper can
detect WEB IM traffics accurately. BroadWeb BSST suggests that
NetKeeper users upgrade their signature patterns to versions
3.55 or later in order to detect or block the following uses
of WEB IM:
|
Official WEB MSN |
http://webmessenger.msn.com/default.aspx?R=1 |
|
Official WEB ICQ |
http://www.icq.com/icq2go/ |
|
e-messenger |
http://www.e-messenger.net |
|
Meebo |
|
|
eBuddy |
http://www.ebuddy.com |
|
iLoveIM.com |
|
Broadweb Security Service Team (BSST) - Empower Your
Network Security
Broadweb NetKeeper Intruder Prevention
System delivers the protection against intrusion, worms, DDOS,
Instant messaging, P2P, Web-Mail, and Web
Post. | 