August 25, 2005
- Ease of Use:
- Value for Money:
- Overall Rating:
It's free and useful.
It only detects the more common IM services.
A useful tool that could provide early warning of security problems.
Akonix's RogueAware software is a free utility that can be used to monitor Instant Messenger and P2P activity on a network. It can detect activity on AOL, MSN, ICQ and Yahoo! services and provides useful traffic statistics.
Its primary purpose is to help system administrators to evaluate the activity on their systems, with a view to purchasing suitable software to control it.
Obviously, Akonix is hoping that its software would be the product of choice, and the interface does provide a number of hints in this direction.
The software installs itself as a Windows service, and communicates through a web browser. It accumulates counts of logins, messages sent and received, and files sent and received on a daily and cumulative to date basis, categorized by service.
The software can also produce simple reports in html format that can be saved and printed for later reference. It is also possible to create an email message that contains summary information.
There is an online help system, which deals with installing and using the software, with a useful section dealing with known issues that could affect the accuracy of the traffic statistics.
Since RogueAware installs itself as a web server, it can be accessed from anywhere in the network simply by pointing a web browser at the server's IP address.
It will disable any web services that might be running on the system while it is installed, although it is possible to change the default port from port 80 if required.
The software can only function correctly if it can monitor all the network traffic, and so it needs to be installed on a system that connects to either a switch with a monitor port or to a hub. The system's Ethernet card needs to be operating in promiscuous mode.
Obviously, the system has some limitations, it only monitors the most common IM clients, for example, and there is no way to determine where the traffic originates from, but that does not detract from its usefulness.
Simply by detecting and then reporting the existence of IM and P2P traffic it might reveal a previously unsuspected security gap, and that information is invaluable.
It would always be possible to set up packet-sniffing software to discover the sources of the traffic once you are aware of the existence of the problem.
Sign up to our newsletters
SC Magazine Articles
- Popular adult website XTube compromised, delivers malware
- Android vulnerability leaves apps open to malicious overwriting
- One in three of the top million websites are 'risky,' researchers find
- Orgs predict $53M risk, on average, from crypto key, digital cert attacks
- Hanjuan Exploit Kit leveraged in malvertising campaign
- Report: 71 percent of orgs were successfully attacked in 2014
- Self-deleting malware targets home routers to gather information
- 'PoSeidon' point-of-sale malware targets payment card information
- Amedisys notifies nearly 7,000 individuals of potential breach
- Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014
- The best defense is a good offense: The importance of securing your endpoints
- British Airways says rewards accounts hacked, locked down
- Documents on NSA's zero-day policy provide little insight, EFF says
- GitHub on DDoS alert, efforts to curb its largest attack continue
- Shadow data: The monster that isn't just under your bed