Seven turns to Blue for secure Yahoo Messenger
Seven Network has increased visibility of instant messaging (IM) and closed potential IM-related security holes after a corporate directive forced the IT team to develop a more disciplined approach to managing the largely unregulated technology.
Impetus for the project came after Seven entered into its Yahoo7 joint venture with media giant Yahoo. Amongst the many changes this wrought within the company was a simple mandate that Seven Network's 2100 employees standardise on Yahoo Instant Messenger software.
While logical on the surface, this presented all sorts of problems for the network's security, said network telecommunications and IT infrastructure manager David Watts. "Yahoo IM is not an enterprise type of product," he explained. "It is a consumer product, and it wasn't able to be reported upon or looked at. And previously, you've had to open up everything in your proxy servers and firewalls to allow it."
The mandate coincided with an effort to step away from separate Microsoft Windows proxy servers, which had proved complex and labour-intensive to manage. In an effort to improve the reliability of its proxy capabilities, Seven Network turned to Blue Coat Systems, whose Blue Coat SG network appliances provide a scalable proxy server, traffic management, and other network security features.
Working with a team from systems integrator Dimension Data, Seven Network technical staff bought a test Blue Coat SG proxy, configuring and testing it before implementing it across the network. The server was configured to filter Seven Network's dual Internet connections, which provide redundant access to the outside world but also offered significant opportunities for abuse.
While implementation required a relatively small effort, it made a big difference in the way various types of Web traffic were handled across the company's network. One major improvement, for example, is that other types of IM clients can be blocked completely, allowing the enforcement of the Yahoo IM only policy and limiting exposure to unknown applications. Yahoo IM traffic can also be logged and monitored, although Watts said this is more of an afterthought since the platform has yet to enjoy heavy usage across the company.
Managing Web access was a slightly more complicated effort: the idea of blanket filters on content is somewhat contradictory to the principles of a media company. So while the Blue Coat proxy appliance can filter content quite selectively, Seven opted not to block sites but instead to display a splash screen, whenever users try to access inappropriate content, that warns users they are being monitored.
"We've had no real push back after doing that," said Watts. "Being a media company, we don't block sites. But it's just about people being aware that their usage is being looked at."
Although the project was initially about implementing less complex proxy servers, the new appliances' management capabilities have become important tools in managing the utilisation of video content from sites such as YouTube. With Seven Network's entire VoIP-based voice infrastructure running over the same data network, video-led spikes in network usage needed to be managed.
In the long term, Seven Network is considering ways to add WAN optimisation to the appliance, which has proven itself a worthy replacement for the standalone Windows server of the past. "It has all been a learning experience for us," said Watts. "Experience and exposure to this has helped as we've gone along. Now, with the appliances in place, if any [threats] come along we can manage them more and reduce those risks."