SAN JOSE, Calif., September 25, 2007–Palo Alto Networks’ Application Research Center (ARC) today issued an application alert on Meebo, the popular instant messaging (IM) portal which recently announced file transfer capabilities. Many enterprise organizations have strict acceptable use policies restricting the transfer of files within instant messaging applications and should be aware that Meebo now supports this capability and set and enforce usage policies accordingly.
Alert Detail
Meebo.com enables a flexible way to access multiple IM services without downloading a software client and is the world's fastest growing instant messaging destination according to Nielsen/Netratings (354 percent in the last 10 months). The company also provides Meebo Repeater, which is an SSL proxy that is installed on the user’s PC that will proxy all Meebo traffic, allowing it to bypass URL filtering rules.
On September 10, 2007, Meebo announced that file transfer functionality has been added to the application. Many organizations have strong policies restricting file transfer due to its potential as a conduit for intentional or inadvertent outbound intellectual property loss in addition to representing a backdoor for web-based viruses and malware.
Enterprise Guidance
Meebo is attractive to consumer and business users alike, notably those involved in customer service interactions, and improves productivity in the enterprise by enabling real-time collaborative communications. However, organizations need to be aware of, and monitor closely, applications such as Meebo that because of certain capabilities or characteristics may introduce risk to the business.
For those organizations who have strict policies against non-approved IM software, Meebo should be blocked. As noted above, Meebo Repeater allows users to evade blocking of Meebo.com by URL filtering. As there is no clear business usage of Meebo Repeater, organizations should also look for usage of Meebo Repeater and block it as well.
For those organizations who wish to capitalize on the productivity benefits available via Meebo, while avoiding potential security and compliance challenges, the following measures are recommended:
- Ensure that all usage of Meebo is subject to malware scanning
- Consider blocking individual capabilities such as file transfer, unless absolutely required by a business function.
Application Characteristics
As reflected in Palo Alto Networks’ Applipedia:
|
|
Application: |
Meebo |
Category: |
Instant-messaging |
Risk: |
Level 3 (moderate risk)* |
Standard Port: |
tcp/80 |
Capable of File Transfer: |
yes (added Sept. 10, 2007) |
Used by Malware: |
no |
Excessive Bandwidth Use: |
no |
Evasive: |
yes |
Pervasive: |
yes (estimated 6 million + users) |
Has Known Vulnerabilities: |
no |
Prone to Misuse: |
no |
Tunnels Other Application: |
yes |
|
|
Risk level is calculated based on criteria including known instances of malware transfer, excessive impact on bandwidth or ability to automatically evade detection by using ports/protocols not commonly associated with applications of its type.
About the Application Research Center (ARC)
The Application Research Center is an online resource from Palo Alto Networks that contains up-to-date information on the rapidly evolving application landscape. The Palo Alto application research team is continually tracking the universe of applications traversing enterprise networks, and provides a quick reference resource for the latest news, alerts and analysis. Included in the ARC is the ability to search the Applipedia™ for additional important characteristics of each application that must be considered when developing policies to enable safe and productive application usage within the enterprise.
About Palo Alto Networks
Palo Alto Networks™ enables visibility and policy control of applications running on enterprise networks. Based on innovative App-ID™ application classification technology, the Palo Alto Networks PA-4000 Series is a next-generation firewall that accurately identifies applications – regardless of port, protocol, evasive tactic or even SSL encryption – at 10Gbps with no performance degradation. Enterprises can now set and enforce application usage policies to meet compliance requirements, improve threat mitigation and lower operational costs. The Palo Alto Networks team includes security and networking industry veterans from Check Point, NetScreen, McAfee, Cisco, Juniper and Blue Coat. It is backed by investors Globespan Capital Partners, Greylock Partners and Sequoia Capital. For more information, visit www.paloaltonetworks.com.
###
Palo Alto Networks, the Palo Alto Networks Logo, App-ID, FlashMatch and PAN-OS are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
