File sharing and IM pose fresh security threats

26 Nov 2004

Tools such as peer-to-peer file-sharing programs and instant messaging (IM) software represent new threats to organisations as many of them are able to avoid detection by IT security systems, according to the internet-filtering specialist Websense.

IM is growing in popularity as a business tool – the ESB, for example, uses it for collaboration, particularly with offshore outsourcing partners. It is also deployed in some financial institutions where real-time communications are preferable to email.

File-sharing tools for swapping music and movies may not be officially sanctioned in the workplace but they are popular with users because of the greater bandwidth available in the office compared to the home, said Frank Coggrave, regional director for Websense.

However, many of these tools are built to avoid detection on a corporate network even when there are some security safeguards in place, he claimed. Many file-sharing programs and some IM tools are built to seek out open ports on a network. Without any user intervention, these programs reroute themselves if the port they normally use is blocked by a network security filtering tool. It is this technique that makes them such a security headache, said Coggrave. “You put in a metal detector and somebody builds a plastic gun,” he added.

Some of the leading IM products, such as those supplied by Microsoft, Yahoo and AOL, have stopped including this feature but there are others that haven’t, said Coggrave.

He added that many peer-to-peer sites can be used to download games, as well as the hacks needed to play them without the CD that would normally be required. However, more than two thirds of these hacks contain viruses or Trojan horses, he claimed.

Coggrave said that many of the newly emerging internet security threats can be divided into two groups: intentional and unintentional. “People intend to use IM and also purposely use peer-to-peer file sharing – but using them, you open tunnels into your organisation through which you can send anything,” he said.

The unintentional category includes malicious mobile code attached to websites, or phishing attacks. “Because of this whole series of blended threats, we’re educating people that just because you bought antivirus three years ago, it doesn’t mean you’re protected,” he said.

“It’s a question of constant vigilance – you can’t just buy a product and say the job’s done. You have to accept there’s risk and all you can do is work hard and minimise the risk.”

Websense has an Irish office in Ballsbridge, Dublin – one of four throughout Europe. The Irish operation handles back-office functions for the company and recently began carrying out web analysis for the European market, classifying sites according to content and updating the company’s global list of webpages.

By Gordon Smith