Because it can circumvent many existing content-management solutions, instant messaging (IM) is causing security concerns among IT managers, which often leads them to ban its use altogether.
However, IM can have business benefits if used responsibly, because it offers instantaneous communication and immediately indicates whether colleagues are online. What is needed is a way of allowing the use of IM, while controlling it and enforcing rules on employees.
NetIQ's imMarshal for MSN is just such a content security solution, designed to enforce responsible employee use of IM. It provides access management, archiving of chat sessions, protection from viruses, real-time content analysis, file transfer control and activity reporting.
Chat Rules are used to monitor offensive language automatically, using the company's TextCensor lexical analysis technology. The product also allows flexibility in setting individual IM access levels for each user, utilizing Login Rules that specify access to IM based on user, time of day and day of week.
Furthermore, imMarshal can control who employees are allowed to communicate with by managing approved contact lists.
Audio/Visual Rules control users' ability to start audio or visual sessions through MSN Messenger. As with other rules, Audio/Visual Rules can be applied based on the users involved, the time of day and day of week.
File Rules allow control based on file size, type, and virus scanning. ImMarshal's file type checker identifies files by their internal structure, not their extension, so it will not be fooled by renamed files. Examples of file types that may be selectively blocked include executables, documents, images, archives, multimedia files, and so on. Within each category, you can go down to quite fine levels of granularity in blocking files - for example, you can block GIF images, but not JPEGs, if you want to.
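The content-based file check described above can be sketched as follows. This is an added example, not NetIQ's code: the signature table, the function names and the sample transfers are constructed for illustration, and a real checker covers far more formats.

```python
import os

# Leading-byte signatures for a few formats (illustrative subset).
SIGNATURES = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"MZ", "executable"),
    (b"PK\x03\x04", "zip"),
]

# Extensions normally used for each detected type.
EXPECTED_EXT = {
    "gif": {".gif"},
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "executable": {".exe", ".dll", ".scr"},
    "zip": {".zip"},
}

def sniff(data):
    """Return the type implied by the leading bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_transfer(filename, data, blocked):
    """Decide on a transfer from its content and flag a mismatched extension."""
    kind = sniff(data)
    ext = os.path.splitext(filename)[1].lower()
    renamed = kind != "unknown" and ext not in EXPECTED_EXT[kind]
    return {"type": kind, "renamed": renamed, "allow": kind not in blocked}

# Constructed sample transfers: (file name, first bytes of the content).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("banner.gif", b"GIF89a\x01\x00\x01\x00"),
    ("report.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable renamed to .jpg
    ("logo.jpg", b"GIF89a\x10\x00\x10\x00"),        # GIF renamed to .jpg
]

if __name__ == "__main__":
    policy = {"gif", "executable"}  # block GIFs and executables, allow JPEGs
    for name, head in SAMPLES:
        print(name, check_transfer(name, head, policy))
```

Because the decision uses the detected type and never the extension, the renamed executable and the renamed GIF are both blocked while the genuine JPEG passes.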
The software can also check the content of file transfers using a third-party anti-virus product, and the transfer may be blocked if the result of a scan indicates the presence of a virus.
To maintain high performance, imMarshal supports only DLL-enabled anti-virus software, which currently includes Panda, McAfee (Marshal Integrated McAfee), Norman, and Sophos products.
Furthermore, imMarshal can pass messages through more than one anti-virus scanner to increase security.
The administrator has a real-time view of MSN Messenger activity by user and session type. Email notifications can be sent to the administrator on the occurrence of selected events, such as when inappropriate user action is blocked. Also, you can set up disclaimer notifications to inform participants about company IM policies to ensure that no one can claim ignorance of the rules. For example, it is possible to display a message such as "This session is being monitored and may be recorded."
All user requests are logged, using SQL Server or MSDE, whether successful or blocked, and users' IM chat sessions may also be recorded and archived - an important consideration, because this confers on IM the same level of auditing and recording for legal purposes that organizations now demand for conventional email communications.
Recording of sessions can be triggered by particular rules rather than recording everything, if you wish. Reports and graphs may be generated from the logs, selectively by local user, by remote user, by bandwidth, by browsing time, and so on. These reports can be invaluable for identifying individuals who may be abusing IM.
Server-based gateway solution
The imMarshal program is a server-based gateway solution, which installs as a SOCKS v4 proxy. MSN Messenger clients are pointed at this proxy and all other methods of accessing the MSN Messenger servers are closed off by reconfiguring your existing firewall to block all outbound TCP connections on port 1863 (the MSN Messenger port) except those from the imMarshal server.
This ensures that all IM traffic passes through imMarshal. Proxying of other internet protocols can be employed on the same server by installing WebMarshal, another NetIQ product. Users can be assigned to user groups using .NET Passport email addresses and, to facilitate quick set up, users can be collected from actual traffic or entered using wildcards.
User groups make setting up imMarshal for large numbers of users easy by containing sets of users with similar IM permissions. Configuration information, including groups and rules, may also be imported or exported to XML files.
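One way to verify the firewall rule described above (outbound TCP port 1863 blocked for every host except the imMarshal server) is to audit the firewall's connection log. This is an added example, not part of the product: the log format, the addresses and the function names are constructed for illustration.

```python
from collections import Counter

MSN_PORT = 1863        # MSN Messenger port named in the article
GATEWAY = "10.0.0.5"   # assumed address of the imMarshal server

# Constructed log lines: time, source, destination, destination port, action.
LOG = """\
09:01:12 10.0.0.5 203.0.113.10 1863 ALLOW
09:01:40 10.0.1.23 203.0.113.10 1863 DENY
09:02:05 10.0.1.23 203.0.113.10 1863 DENY
09:03:17 10.0.1.44 203.0.113.11 1863 ALLOW
09:04:02 10.0.1.44 198.51.100.7 443 ALLOW
malformed line
"""

def parse(line):
    """Return (time, src, dst, port, action) or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    when, src, dst, port, action = parts
    return when, src, dst, int(port), action.upper()

def audit(log_text, gateway=GATEWAY):
    """Check firewall records against the gateway-only rule for port 1863."""
    bypass, denied, skipped = [], Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        when, src, dst, port, action = rec
        if port != MSN_PORT or src == gateway:
            continue
        if action == "ALLOW":
            bypass.append((when, src, dst))  # rule gap: IM traffic skipped the proxy
        else:
            denied[src] += 1                 # client still pointed at MSN directly
    return {"bypass": bypass, "denied": dict(denied), "skipped": skipped}

if __name__ == "__main__":
    print(audit(LOG))
```

An entry under "bypass" means the firewall rule has a gap, while hosts under "denied" are clients that have not been pointed at the proxy.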
Installation is completely straightforward and does not even require a reboot. Configuration is particularly easy using intuitive drag-and-drop and cut-and-paste methods. The policy definitions are displayed in plain language, so you do not have to get to grips with any new terminology. There is a Rules Wizard that leads you through the configuration process quickly.
Minimum recommended system requirements are a Pentium III 400 with a 4GB hard disk and 256MB RAM, which supports up to 500 concurrent sessions. More concurrent sessions can be supported with additional RAM. The operating system must be Windows 2000 Server, Windows XP Professional, or Windows Server 2003.
Further minimum software requirements include Internet Explorer 5.x; SQL Server 2000, SQL Server 7, or Microsoft Database engine; MDAC (Microsoft Data Access Components) 2.5; and Microsoft Management Console (MMC) 1.2.
The product has been well designed to provide exactly the controls that administrators need to allow the productive use of IM technology while denying users the ability to abuse IM. It allows full and flexible control of the security risks posed by permitting IM.