Security Best Practice: Blocking QQ Instant Messenger
| Check Point Reference: | SBP-2007-10 | |
| Date Published: | ||
| Severity: | ||
| Source: | SmartDefense Research Center | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? QQ Instant Messenger users | ||
| Vulnerability Description Instant Messaging applications allow communication and collaboration between Internet users using various modes of communication, including instant messages exchange, voice and video, application sharing, white board, file transfer and remote assistance. QQ is a common Instant Messenger in East Asia. This freeware allows instant peer-to-peer file transfers, SMS sending and chatting with online friends. |
||
|
Vulnerability Details Some organizations prefer to prevent their employees from using Instant Messaging applications, since many Instant Messaging applications are prone to multiple vulnerabilities. The impacts of these vulnerabilities could range from modifying data in a victim's friend list, to a denial of service attack, to the execution of malicious code on a victim's system. In addition, Instant Messaging capabilities such as file transfer are a potential source of virus and worm infections. |
Protection Overview
By enabling this protection, SmartDefense will block attempts by QQ Instant Messenger to connect to server.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R65 & R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Instant Messengers > QQ Instant Messenger.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: QQ Instant Messenger
Attack Information: QQ Instant Messenger Blocked
VPN-1 NGX R61 & R60
How Can I Protect My Network? QQ Instant Messenger
1. In the SmartDefense tree, click Application Intelligence > Instant Messengers.
2. Select the following:
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: QQ Instant Messenger
Attack Information: QQ Instant Messenger Blocked
InterSpect NGX
How Can I Protect My Network? QQ Instant Messenger
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > Instant Messengers.
3. Select the following protection:
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: QQ Instant Messenger
Attack Information: QQ Instant Messenger Blocked