How To Protect Against Instant Messaging Vulnerabilities: Blocking Google Talk
| Check Point Reference: | SBP-2006-02 |
| Date Published: | |
| Severity: | |
| Last Updated: | |
| Source: | SmartDefense Research Center |
| Industry Reference(s): | CVE-2005-3899, CVE-2005-3678 |
| Protection Provided by: | VPN-1 |
Who is Vulnerable?
Microsoft Windows operating systems
Vulnerability Description
Google Talk is an application for Microsoft Windows operating systems used to make calls or send instant messages. Instant messaging applications may put an organization's security at risk in the following ways:
1. Vulnerabilities in IM applications could be exploited to compromise a user's system (e.g., MSN Messenger PNG image processing).
2. File transfer, an important capability of IM, could be exploited by worms to infect a user's system.
3. Using voice data along with file transfers may result in excessive bandwidth utilization.
SmartDefense allows you to block Google Talk on standard and non-standard ports as well as to block its Web interface.
Vulnerability Details
SmartDefense allows you to block Google Talk in the following ways:
1. Blocking Google Talk on its default ports 5222/tcp and 5223/tcp.
2. Blocking Google Talk connections generated by non-Google Talk clients on ports SSL/443 and HTTP/8080.
3. Blocking Google Talk via the Web version of Google Talk. This interface allows a user to use Google Talk without installing the IM client on his system.
Protection Overview
Check Point has provided several Google Talk protections:
Blocking Google Talk via Gmail Web interface (Update from March 20, 2006)
As with other instant messaging applications, Google has added a Web version of Google Talk, which a user can use without installing the IM client on his system. The update enables you to block Google Talk via the Gmail Web interface based on a specific Worm Catcher pattern. This update applies to VPN-1 NGX R61 and InterSpect NGX.
Blocking Google Talk connections from non-Google Talk clients (Update from January 24, 2006)
The update enables you to block Google Talk connections coming from non-Google Talk clients. This inspection is performed on ports 5223, SSL/443 and HTTP/8080.
Blocking Google Talk traffic over default Google Talk ports: Update from November 30, 2005 (CPAI-2005-151)
The update identifies the Google Talk protocol and blocks Google Talk traffic on its default ports 5222/tcp and 5223/tcp.
To configure the defense, select your product from the list below and follow the related protection steps.
Additional Information
SANS Top Internet Security Vulnerabilities