CISSP · Question #1127
An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
The correct answer is C. IM clients can utilize random port numbers.. Securing IM traffic at the network perimeter is most challenging because IM clients can dynamically use random or non-standard ports, making traditional port-based firewall rules ineffective.
Question
An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
Options
- AIM clients can interoperate between multiple vendors.
- BIM clients can run without administrator privileges.
- CIM clients can utilize random port numbers.
- DIM clients can run as executable that do not require installation.
How the community answered
(42 responses)- A7% (3)
- B2% (1)
- C74% (31)
- D17% (7)
Why each option
Securing IM traffic at the network perimeter is most challenging because IM clients can dynamically use random or non-standard ports, making traditional port-based firewall rules ineffective.
Interoperability between vendors is an administrative and policy concern but does not directly enable IM traffic to evade perimeter security controls such as firewalls or proxies.
Running without administrator privileges affects endpoint security and software restriction policies, but does not prevent a perimeter firewall from inspecting or blocking the network traffic the IM client generates.
IM clients that utilize random or dynamically assigned port numbers can bypass perimeter firewalls that rely on static port-based ACLs or rules, since those controls cannot anticipate which port the traffic will traverse. This technique, sometimes combined with HTTP/HTTPS tunneling, makes deep packet inspection or application-aware firewalls necessary to enforce policy. Without such controls, the organization cannot reliably block or monitor IM traffic at the perimeter.
Portable executables that do not require installation complicate endpoint software control, but the traffic they produce can still be filtered at the network perimeter if it uses known or static ports and protocols.
Concept tested: IM traffic evasion of perimeter firewall controls
Source: https://www.cisco.com/c/en/us/products/security/what-is-next-generation-firewall.html
Topics
Community Discussion
No community discussion yet for this question.