10 of 10 people found the following review helpful:
4.0 out of 5 stars
Providing An IM/P2P Technical Foundation, December 15, 2005
This review is from: Securing IM and P2P Applications for the Enterprise (Paperback)
There are two schools of thought on allowing the use of public instant messaging (IM) and peer-to-peer (P2P) applications in the business enterprise. One, that I subscribe to, is that you just do not do it. There are too many risks that make it problematic, even if you feel they can be managed. Another school of thought says "sure, we can manage the risks associated with that". So enter into the discussion Paul Piccard's "Securing IM and P2P Applications for the Enterprise" (Syngress Press, 2005, 454 pages, ISBN 1597490172). While not being as complete as I would like it to be, it provides enough foundation information to suit the needs of either point of view.
The book is broken down into 16 chapters, with each chapter focusing on a specific piece of software or technology. Part I focuses in instant messaging. The first chapter gives an overview of the instant messaging "market", the players, and the risks of instant messaging. There is nothing ground breaking here that is not covered in more depth and detail elsewhere, but it fives an effective overview. The remaining 6 chapters focus on the different instant messaging services/clients. An overview is provided on the architecture and protocols associated with the client. Also addressed is features, client information, security information and malicious code threats. Unfortunately, no where in the text does the author address user awareness and education, which are critical.
Part II of the book covers P2P Networks. These 5 chapters cover the major P2P clients, their history, how they work, and the threats to the enterprise. They do a much better job than they did in Part I, but again do not address user awareness and education. Part III covers Internet-Relay Chat (IRC), its history, how it works and security issues. In a way, I wish the author had just said up front to never allow IRC to be used in the enterprise. There are just too many risks beyond security associated with IRC.
Who Should Read This Book
This book should be read by anybody who wants to get a deeper technical understanding of IM and P2P applications. Because the author may have focused too much on technology, with not enough focus on policy development, user education, and awareness. It is for this reason that anybody who purchases this book should also buy Nancy Flynn's "Instant Messaging Rules" as a companion read.
The Scorecard
Par on an average Par 4.
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
6 of 6 people found the following review helpful:
4.0 out of 5 stars
Great resource for securely deploying IM, December 28, 2005
This review is from: Securing IM and P2P Applications for the Enterprise (Paperback)
Noted security veteran Bruce Schneier has observed that for those organizations that have incorrectly deployed cryptography, it is akin to putting a big flagpole in front of your facility and hoping that it will stop any attackers from breaking in. Of course, any attacker with intelligence will simply go around the flagpole rather than running into it."
Similarly, many organizations have deployed myriad security hardware and software products in their infrastructure. But when it comes to instant messaging and peer to peer applications, these applications often execute below the radar of many security products. This is due to the fact that the security infrastructure in many organizations was not architected to deal with such applications. These applications often have so much functionality that it obviates much of the security afforded by the security hardware and software products.
Using file transfer as an example, many organizations have policies and controls in place to stop the use of protocols such as ftp and tftp. This is fine, but that will only work for the ftp protocol. File transfer can still be carried out by most instant messaging clients, and that can pose serious security risks.
With that, Securing IM and P2P Applications for the Enterprise provides an excellent overview on how to handle, manage and secure IM, P2P, and IRC applications. This book is written for security and system administrators that need specific details on how to control and secure IM, P2P and IRC applications in their organization.
The need to get a handle on IM and P2P is crucial given that IM has turned into a global communications medium with most organizations today reported that they allow it for business usage. Many marketing and technical support calls are now handled via IM and this translates in to well over 250 million IM users worldwide. P2P is great for downloading music and movies, but that that poses serious security and legal liability risks when done on most corporate networks.
But with all the benefits that IM provides, it introduces many security and privacy risks. IM viruses, identity theft issues, phishing, spyware and SPIM (SPAM over IM) are just a few of the many risks. These risks can turn into intellectual property losses and legal liability issues especially when they are combined with targeted attacks on corporate IM users. Companies that don't have an effective way in which to deal with IM and P2P are in serious danger as most IM and P2P threats fly under the radar of many traditional security solutions.
The book has a fairly straightforward approach. Chapter 1 provides an introduction to IM and the most common security issues that IM brings into an organization. The bulk of the remainder of the book details various different IM applications in Part 1 (AIM, Yahoo, MSN, ICQ, Google, Skype), P2P applications in Part 2 (Gnutella, eDonkey/eMule, BitTorrent, FastTrack) and IRC networks and applications in Part 3.
Each chapter details the specific architecture of each application, its protocols, security issues, and solutions in which to secure the application. System administrators can use many of the checklists to quickly perform the initial steps necessary to secure their organization from unauthorized IM, P2P, and IRC applications.
Each chapter also provides significant details about the internals on how each application operates. In addition, various 3rd-party tools that can be used to secure and limit the various applications are listed.
Many companies are finding that a significant amount of their bandwidth is being used by P2P applications and Part 2 describes how to secure networks from the use of P2P applications. This is not always an easy thing to carry out given that many P2P applications, such as Gnutella are designed to easily bypass many of the security control mechanisms placed against it. Administrators will find that in this case, simply blocking Gnutella ports will not block all Gnutella traffic and the application still will be able to run. What is required in this case is the use of a firewall that supports deep packet inspection. Chapter 9 helpfully lists the commands to use when using iptables to block Gnutella traffic.
Chapter 12 provides an interesting look at FastTrack, which is the P2P protocol and network used by clients such as Grokster, Morpheus and other file sharing programs. The chapter also uses Ethereal to detail the internals of FastTrack.
Part 3 deals with IRC and is the sparsest part of the book. This is due to the fact the P2P and IM are much more heavily used on enterprise networks, which this book is geared to.
The only negatives about the book are its price, and some of its formatting. At $49.95, it is on the higher-end of computer security books, with the majority of such titles being in the $25.99 - $39.99 range. The formatting uses a font size that is somewhat larger than other book. This seemingly serves to achieve a high page count.
In addition, the book often references tables of secondary information that spans a few pages (for examples see pages 72-80, 115-120 and more). Such information would be better served in a multiple-column table in a smaller font. Printing the information in such a manner can cut down on the page total, and save a few trees at the same time.
Besides those two minor issues, Securing IM and P2P Applications for the Enterprise is a most helpful guide. Security and system administrators can use the book to get a handle on the increasing number of IM, P2P, and IRC applications that are found on the corporate networks they support.
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
5 of 5 people found the following review helpful:
5.0 out of 5 stars
Great source of information on IM and P2P security, December 30, 2005
This review is from: Securing IM and P2P Applications for the Enterprise (Paperback)
This book is a great source for information on the dangers of instant messaging and p2p networks. Although this material can apply to personal use, it is geared more towards system administrators and networked environments.
The structure of the book is very well laid out, giving you the ability to jump from product to product or area of interest (such as AIM, eDonkey, or IRC as a whole). This approach makes it easy to locate the information you are looking for quickly, making it an excellent reference. The author has done a great job in being realistic is the approach to these systems. Rather than totally restricting their use, this book helps you to live with these systems, recognizing that they are often used or required for businesses.
If you are running a network, you almost definitely have this type of traffic on it. This book is definitely an excellent resource with large amounts of information on multiple types of systems
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
