FaceTimes Guardian Tool Secures IM, P2P

FaceTime Communications Inc.'s IM Guardian is a powerful tool for securing and controlling IM and P2P communications.

FaceTime Communications Inc.s IM Guardian is a powerful tool for securing and controlling IM and P2P communications.

IM Guardian provides enterprises with a powerful perimeter defense mechanism for real-time communications across the firewall. It does so by preventing instant messaging and peer-to-peer applications from unauthorized access to the corporate network through port tunneling and by ensuring that file transfers among IM applications are blocked.

IM Guardian extends the real-time communication management and control capabilities of FaceTimes IM Director, which recently added support for integration with Microsoft Corp.s Office Live Communications Server 2003.

IM Guardian FaceTime

Communications IM Guardian, an add-on to IM Director, addresses the security of real-time communication and collaboration applications across the corporate firewall and provides IT managers with an easy-to-manage system for keeping tabs on usage. IM Guardian pricing is based on the number of systems that access the Internet, and there is a server licensing fee. IM Guardian has an entry price of about $5,000, but that cost will increase sharply for larger deployments.

  • PRO: Strong security tool for the tracking and control of IM and P2P usage; simple management interface; good reporting capabilities.

  • CON: Expensive for large sites.
• Akonix Systems Inc.s Rogue Aware • IMlogic Inc.s IM Manager

IM Director provides a core proxy-based platform for the detection and management of IM usage in enterprise environments. Using IM Director, IT managers can enforce policies for IM usage based on user permissions, quickly map a users public network "buddy names" to the corporate directory and route all internal IM traffic (client-agnostic) within the company firewall.

IM Guardian, meanwhile, is deployed outside the firewall, usually at the DMZ, and monitors all incoming and outgoing traffic while keeping tabs on IM and P2P protocols. IM Guardian enforces connection behaviors at the OSI network Layer 7 (application) level, protecting corporate network vulnerabilities from exploitation.

For example, IM and P2P applications support connections through proxy servers; a technically savvy user could use an IM client such as America Online Inc.s AOL Instant Messenger to tunnel through a nonstandard port to establish an outbound connection through the firewall. IM Guardian would be able to detect an IM application using an unauthorized proxy and block the connection directly.

IM Guardian, which shipped in September, runs on only Red Hat Inc.s Red Hat Linux 9.0. IM Guardian can be deployed on multiple servers for redundancy and load balancing. The standard hardware requirement is a 2GHz Pentium 4 processor, 256MB of RAM and at least 500MB of available hard drive space.

IM Guardians cost is based on the number of systems accessible to the Internet for which traffic is monitored. There is also a license fee for each IM Guardian server deployed. An entry-level deployment of IM Guardian supporting 100 nodes costs about $5,000.

While IM Guardian can be deployed on a stand-alone basis, larger sites will also want to deploy IM Director for the management capabilities it offers. At $7,000 for only 25 users, IM Director is not cheap. Add in the cost of IM Guardian, and large organizations are looking at a significant investment for securing and managing IM usage. Volume discounts are available for large companies.

During tests, installation of IM Guardian was straightforward. IM Guardian comes as a downloaded .tar file; once installed, IM Guardian runs as a proxy service on Linux systems and automatically finds IM Director and its modules on the network, even across firewall network address translation boundaries.

IM Guardian seamlessly integrates with any IM Director system and allows IM usage through those systems.

IM Guardian has two modes of operation. In Discovery mode, IM Guardian will detect all IM usage and log all activities. However, most sites will likely choose to use the Policy Enforcement mode, where security policies are enforced, in addition to usage detection and activity logging.

IM Guardian monitors most public IM and P2P protocols.

During tests, IM Guardian detected every connection made with our IM clients and was able to give us detailed statistics on the sessions. We could also easily configure the blocking of IM usage based on IP address or the port used by the IM client.

IM Guardians Web-browser-based interface also provided detailed reports that were very useful for understanding IM usage across the enterprise.

Technical Analyst Francis Chu can be reached at
francis_chu @ziffdavis.com.