Instant Messaging

Instant messaging (IM) has become a huge application on the Internet. Ten million or more users are estimated to be using instant messaging worldwide. America Online and Microsoft provide IM services to their subscribers. Their services are free and easily accessible.

IM users can send photos, play network games, conduct chats, send e-mail, and even have IM conferences. IM functionality in no small part explains its growth. Besides, it's just fun. Figure 4.19 shows clients connecting to an IM server system similar to the ones used by Microsoft and AOL. Clients use software to connect to these servers and communicate. These servers may be synchronized worldwide to allow instantaneous communications between any two users in the world.

Figure 4.19: An IM network with worldwide users

The next sections deal with the vulnerabilities inherent in IM, as well as the primary methods by which IM users catch and spread viruses.

IM Vulnerabilities

Attacks using IM are becoming very popular. Many of the attacks are intended to disrupt existing systems by interjecting or flooding a channel with garbage. This is also called jamming, and it is one of the favorite techniques used to disrupt public channel communications systems, such as instant messaging. You can go into a chat room or a conversation area on a busy network, such as AOL or MSN, and watch the amount of jamming that occurs on these channels.

IM clients can also be compromised by malicious code, Trojan horse programs, and traditional DoS attacks. IM is supposed to be easy to use, highly interactive, and intuitive for average users. Unfortunately, users frequently do not pay attention to security-related issues when they are using IM.

Most IM systems allow broadcasts and, in fact, sell this capability to businesses. The broadcasting capability allows an attacker to potentially send a "bait message" to millions of people simultaneously throughout the world. These broadcasts may announce free pornography or the opportunity to make millions of dollars in minutes.

When they go to these sites, unsuspecting individuals can be flooded with literally hundreds of windows that open simultaneously on the client system. When the user closes one window, two, three, or more windows open up. In short, this is a DoS attack against a client.

The best protection against this type of attack includes using antivirus software, not visiting sites that are advertised in this manner, and not opening files that are suspicious.

8.3 File Naming

Early PC systems used a standard naming convention for files called the 8.3 format. This format allowed eight characters for the filename and three characters for the file type or extension. Certain file extensions told the operating system to immediately start executing a file (for example, .bat, .com, and .exe).

Modern systems have expanded the 8.3 format to allow longer and user-friendlier filenames. They still maintain the file extension type and hide it from the user. If a file type is indicated as a .jpg file, the system will automatically open the program that has been registered on the system to be associated with the file. Table 4.1 shows some of the more common file types used in PC systems today.

Table 4.1: Common File Types Used in PC Systems

Extension    Type
bat          Batch Files
com          Command Files
exe          Executable Files
js           JavaScript
vbs          Visual Basic Script

Many operating systems, including Windows environments, hide the file extension type from the user. A user may receive a file named mycatspicture and assume that this file is a JPG or other picture. Unfortunately, the actual file type is not usually shown to the user when they contemplate opening it. If the file type is an executable or a script file, the file will start executing using the appropriate language or command processor. If this file is a Trojan horse, a worm, or some other form of malicious code, the system has potentially been compromised.

Files can even appear to have more than one file extension. A file may indicate that it is mycatspicture.jpg, while in actuality it is mycatspicture.jpg.exe. This file will start executing when it is opened and has potentially exposed that system to malicious code.
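
The hidden and double extension problem described above can be checked mechanically before a received file is opened. The following is an added example, not code from the book: it reports the real (final) extension of a file name and flags names where one of the Table 4.1 executable types sits behind a harmless-looking extension. The DECOY_EXTENSIONS list, the function names, and the sample names are assumptions made for illustration.

```python
# Added example: classify received file names by their real (final) extension.

# Extensions from Table 4.1 that the OS runs or hands to a script processor.
EXECUTABLE_EXTENSIONS = {"bat", "com", "exe", "js", "vbs"}

# Assumption: harmless-looking extensions commonly used as decoys.
DECOY_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}


def classify_filename(name):
    """Return (verdict, real_extension) for a received file name.

    verdict is "deceptive" (executable type behind a decoy extension),
    "executable" (executable type, no decoy) or "ok".
    """
    # Keep only the last path component; a sender may include a path.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # The Win32 API drops trailing dots and spaces from a file name.
    base = base.rstrip(". ")
    # Strip padding spaces that push the real extension out of view,
    # e.g. "picture.jpg        .exe".
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or not parts[-1]:
        return ("ok", "")
    real_ext = parts[-1]
    if real_ext not in EXECUTABLE_EXTENSIONS:
        return ("ok", real_ext)
    # An earlier component that looks like a picture or document type
    # is there to mislead the user.
    if any(p in DECOY_EXTENSIONS for p in parts[1:-1]):
        return ("deceptive", real_ext)
    return ("executable", real_ext)


def flag_names(names):
    """Return only the names that should not be opened without review."""
    return [n for n in names if classify_filename(n)[0] != "ok"]


# Constructed sample names, not taken from a real incident.
SAMPLES = ["mycatspicture.jpg", "mycatspicture.jpg.exe",
           "mycatspicture.jpg        .exe", "notes.txt.vbs. ", "setup.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), classify_filename(sample))
```
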

Packet Sniffing

IM traffic uses the Internet and is susceptible to packet sniffing activities. Any information contained in the IM session is potentially vulnerable to interception. Make sure users understand that sensitive information should not be sent using this method.

Packet sniffing is the process of monitoring the data that is transmitted across a network. The software that does packet sniffing is called a sniffer. Sniffers are readily available on the Internet. These tools were initially intended for legitimate network monitoring processes, but they can also be used to gather data for illegal purposes.

Privacy

Privacy is something that many users take for granted. Instant messaging systems were not intended for confidential purposes.

Privacy continues to be a problem in IM systems. Although most IM providers have made improvements in this area, never assume that information being sent using an IM system is private. Attachments, if sensitive, should be encrypted before you send them across an IM system.

One of the common uses of IM is for people to meet each other. These connections may over time become intimate in nature. During this process, people frequently use IM to exchange phone numbers, addresses, and other personal information. If made available to the Internet, this information might create an unsafe situation for one of these individuals. Even the disclosure of an e-mail address could cause an increase in unwanted e-mails from other people on the Internet.

Note 

You will not be tested on the material in the next section on the Security+ exam. However, some of the more common methods used to gain information about your network are discussed, and you should be familiar with them.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
