August 25, 2005
- Ease of Use:
- Value for Money:
- Overall Rating:
It's free and useful.
It only detects the more common IM services.
A useful tool that could provide early warning of security problems.
Akonix's RogueAware software is a free utility that can be used to monitor Instant Messenger and P2P activity on a network. It can detect activity on AOL, MSN, ICQ and Yahoo! services and provides useful traffic statistics.
Its primary purpose is to help system administrators to evaluate the activity on their systems, with a view to purchasing suitable software to control it.
Obviously, Akonix is hoping that its software would be the product of choice, and the interface does provide a number of hints in this direction.
The software installs itself as a Windows service, and communicates through a web browser. It accumulates counts of logins, messages sent and received, and files sent and received on a daily and cumulative to date basis, categorized by service.
The software can also produce simple reports in html format that can be saved and printed for later reference. It is also possible to create an email message that contains summary information.
There is an online help system, which deals with installing and using the software, with a useful section dealing with known issues that could affect the accuracy of the traffic statistics.
Since RogueAware installs itself as a web server, it can be accessed from anywhere in the network simply by pointing a web browser at the server's IP address.
It will disable any web services that might be running on the system while it is installed, although it is possible to change the default port from port 80 if required.
The software can only function correctly if it can monitor all the network traffic, and so it needs to be installed on a system that connects to either a switch with a monitor port or to a hub. The system's Ethernet card needs to be operating in promiscuous mode.
Obviously, the system has some limitations, it only monitors the most common IM clients, for example, and there is no way to determine where the traffic originates from, but that does not detract from its usefulness.
Simply by detecting and then reporting the existence of IM and P2P traffic it might reveal a previously unsuspected security gap, and that information is invaluable.
It would always be possible to set up packet-sniffing software to discover the sources of the traffic once you are aware of the existence of the problem.
Sign up to our newsletters
SC Magazine Articles
- Study: Open Source Software use increasing in enterprises but without vulnerability monitoring
- RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns
- 'Aaron's Law' returns to Congress
- RSA 2015: Tension continues to grow between govt, cryptographers
- Data at risk for 9,000 individuals following unauthorized access to SRI Inc. website
- Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
- RSA 2015: Straight talk about encryption, bulk surveillance and IoT
- RSA 2015: In the healthcare industry, security must innovate with business
- RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community
- RSA 2015: Bug hunting and responsible vulnerability disclosure