How to protect your IM infrastructure

  • Article

After reading about the latest worm to infect public IM networks, I wanted to quickly post about how enterprises can protect their LCS infrastructure from these attacks.

We have a free tool for LCS called the Intelligent Message Filter

The Intelligent Instant Message Filter program helps protect your Microsoft Office Live Communications Server deployment against the spread of the most common forms of virus with minimal degradation to the user experience.

The Intelligent Instant Message Filter program is a managed program that can be installed on the following Live Communications Server roles:

  • Live Communications Server 2005 with SP1, Standard Edition
  • Live Communications Server with SP1, Enterprise Edition
  • Live Communications Server with SP1, Access Proxy
  • Live Communications Server with SP1, Proxy Server

Live Communications Server with SP1 is the minimum version required. The Intelligent IM Filter is not supported on Live Communications Server 2005 without SP1.

The Intelligent Instant Message Filter program enhances the functionality of the IMFilter program, which is installed by default on all Live Communications Servers with SP1, by providing the following:

  • Enhanced URL filtering
  • Enhanced file filter control
  • Logging capabilities
Enhanced URL Filtering

By using the Intelligent Instant Message Filter program, you can configure URL filtering based on the following options available on the URL Filter tab:

  • Allow hyperlinks to be sent in any conversation. If this option is selected, the hyperlink is active (clickable) or inactive depending on the client configuration. By default, URLs are sent as inactive in Microsoft Office Communicator 2005. The client behavior can be controlled by a GPO policy.
  • Allow local intranet URLs. If this option is selected, local intranet URLs are permitted in instant message conversations, regardless of the other settings. Be aware that local intranet URLs are defined on each individual Live Communications Server in the Internet Explorer security tab. This Internet Explore setting on each Live Communications Server determines what types of links the server recognizes as an intranet link.
  • Block all intranet and Internet hyperlinks that contain any of the file extensions defined on the File Transfer Filter tab. If this option is selected, the Intelligent IM Filter blocks any active intranet or Internet hyperlink that contains a file with an extension listed on the File Transfer Filter tab. When the instant message is blocked, an error message is returned to the sender.
  • Block instant messages that contain hyperlinks. If this option is selected, Intelligent IM Filter blocks the delivery of any instant message that contains a hyperlink, and an error message is sent back to the client. This is the behavior of the IMFilter program, which is installed by default with Live Communications Server 2005 with SP1.
  • Allow instant messages that contain hyperlinks, but convert the link to plain text. If this option is selected, the program prefixes the hyperlink with an underscore so the hyperlink is not functional and the user cannot click it. Instead, the user must copy the URL, remove the underscore, and paste it into a Web browser to access the site. When you select this option, you can also customize a notice that is sent to users at the beginning of each instant message containing a hyperlink.
  • Allow instant messages that contain active hyperlinks If this option is selected, the Intelligent IM Filter permits instant messages with active hyperlinks. You can also configure a warning that you want to insert at the beginning of each instant message to notify users of the potential danger of clicking on a link.
Enhanced File Transfer Control

The Intelligent IM Filter program controls how file transfers are enabled in a Live Communications Server deployment. The file transfer feature can also be disabled on the client using a GPO policy.

The following options are available on the server side using the Intelligent IM Filter:

  • Allow any file transfer request through the server: If this option is selected, file transfer filtering is disabled, and any file transfer request going through the server is routed.
  • Block file transfer requests for specific file extensions: If this option is selected, the administrator can specify file extensions that should be blocked by the server in file transfer requests. File transfer requests that contain defined file extension are blocked by the server, and an error message is returned to the client.
  • Block ALL file transfer requests: If this option is selected, all file transfer requests are blocked by the server.
Logging Features

Live Communications Server 2005 Intelligent IM Filter offers logging capabilities so that you can monitor the SIP messages

 

In addition to the capabilities provided by the Intelligent Message Filter, we also have advanced anti-virus capabilities with Antigen for LCS.