[unisog] MSN Messenger - two questions

Schoenefeld, Keith Preston schoenk at utulsa.edu
Tue Feb 20 22:29:49 GMT 2007


Presumably they protect the user from MSN Messenger application buffer
overruns as such, but I don't recall having seen many (any?) of those,
so I'm not sure how it helps either.  Maybe it's the limited
functionality that Gaim offers that reduces the size of the threat.

I'd personally avoid any argument that includes "a better way to do this
is..." or "That's unprofessional because..." because most universities
are trying to adapt to the student's comfort level rather than forcing
them to adapt to existing "more professional" approaches.  It's all
about butts in the seats (not judging, just narrating). 

I agree that networks of even a few dozen potential students have the
possibility of ruining someone's work day (imagine if even 1/10th got
infected with a worm that constantly sends out "hey look at this link"
messages).

I see two primary differences between IM (whether it's Google Talk, ICQ,
AIM, or MSN) and email:

1) Email allows for one to slow down and think about a reaction or a
response (even if many people don't take advantage of this ability).
Instant Messaging by nature requires people to make snap judgments and
decisions, so they can respond "instantly".  These snap judgments are
more likely to be made without fully thinking through the consequences of
the decisions, and therefore imho lead to a larger malware problem than
email.

2) The servers for these networks are outside of our control.  We can
set up easy email spam filtering at an entry point on our network (local
jabber servers notwithstanding), but IM traffic is a different ball of
wax -- the servers are Microsoft's, or AOL's, or Google's.  How can we
try to "clean" the data coming across the network?  It's possible to a
certain degree, but requires significantly more in the form of manpower,
skills, and technology. 

Those two issues create a stigma about IM that's fairly deserved.  How
each institution handles the problem is just like any other security
decision (potential cost vs. potential or actual benefit).  There's not
a straightforward way to block MSN traffic, or even certain types of
MSN traffic without inline tools (at least not one that I'm aware of),
so many resort to blocking access with Group Policies or by other means.
I, unfortunately, don't know of a good solution.

-- KS

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Brian Eckman
Sent: Tuesday, February 20, 2007 3:56 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] MSN Messenger - two questions

STeve Andre' wrote:
> On Tuesday 20 February 2007 15:46:15 Alan Rothenbush wrote:
>> Background:
>>
>> I'm now under some pressure to "release" MSN Messenger to a group of my
>> users, some of them senior administrators.
>>
>> To date, the answer has been "no, insecure, next question", and as I "own"
>> the machines and the users are but users, it has not yet been installed.
>>
>> Sadly, these bosses (at least one of whom can fire me) now present a
>> legitimate business need for which I have no other solution, the problem
>> being that prospective students almost universally choose some sort of IM
>> as the preferred form of communication.
>>
>> (The Instant Gratification generation, I suppose, making me once again feel
>> my age)
>>
>> Since we (annoyingly) do need students around the place, I'm probably going
>> to have to come up with some solution.
>>
>> My concerns (perhaps unfounded) are the need to open up the built-in XP
>> firewall to a server off in the big bad internet, allowing access to an
>> application that I think has historic security issues.
>>
>> Question 1:
>>
>> Are my concerns unfounded ?
>>
>> (My response "they're all wrong" to the statement "every other university
>> does it" doesn't seem to be enough of an explanation)
>>
>> Question 2:
>>
>> If it turns out I have to do this, any tips for keeping things safe ?
>>
>> Thanks in advance.
>>
>> Alan
> 
> Well, if you run gaim instead of the standard messenger program, you'll
> be safer.  Gaim is an open source multiple protocol IM system.  It runs on
> lots of systems, too.

Can someone please explain how Gaim would make him "safer"? There have
now been at least two posts that suggest this, but offer no explanation
regarding what makes them "safer".

Thanks,
Brian
-- 
Brian Eckman, Security Analyst
University of Minnesota
Office of Information Technology
Security & Assurance