Slack in the security spotlight – lessons for collaboration servers
2020-04-08 16:02

Most networks these days make do with one IP number that's shared between all the computers on the local network, which make do with so-called "Private IP numbers" that are reserved for internal use only.

Because TURN servers can broker traffic between arbitrary services on arbitrary computers, you don't need to add TURN code to every type of server you run, meaning that you can dedicate TURN servers entirely to their job of "Packet brokering".

This means you can configure and tune your TURN servers for optimum throughput, without worrying whether those tweaks would reduce performance for other service types on your network, such as web, database and streaming servers.

Peeking into internal Slack resources via Slack's TURN servers in this way is what our intrepid researchers were able to do, two years ago.

If you're a networking person you will probably recognise those ranges anyway - they cover multicast, LAN-only IP numbers, localhost-only IP numbers, autoconfiguration IP numbers, reserved-for-documentation IP numbers and more.
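The kind of peer-address check those range categories imply for a TURN relay, as an added example that is not code from the article or from Slack. The CIDR blocks are assumptions taken from the IANA special-purpose registries, one set per category named above (the article's own list is not reproduced on this page), and `classify_peer` and `DENIED_PEER_RANGES` are hypothetical names.

```python
import ipaddress
from typing import Optional

# Constructed denylist: entries chosen to match the categories named in the
# text. This is an assumption, not the article's or any vendor's actual list.
DENIED_PEER_RANGES = {
    "multicast": ["224.0.0.0/4", "ff00::/8"],
    "lan-only": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"],
    "localhost": ["127.0.0.0/8", "::1/128"],
    "autoconfiguration": ["169.254.0.0/16", "fe80::/10"],
    "documentation": ["192.0.2.0/24", "198.51.100.0/24",
                      "203.0.113.0/24", "2001:db8::/32"],
}

_COMPILED = [
    (label, ipaddress.ip_network(cidr))
    for label, cidrs in DENIED_PEER_RANGES.items()
    for cidr in cidrs
]


def classify_peer(peer: str) -> Optional[str]:
    """Return the denied category a requested relay peer falls in, or None if allowed."""
    try:
        addr = ipaddress.ip_address(peer.strip())
    except ValueError:
        return "unparseable"  # fail closed: never relay to what we cannot parse
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) names the same host as
    # a.b.c.d, so unwrap it before matching against the IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for label, net in _COMPILED:
        if addr.version == net.version and addr in net:
            return label
    return None


# Constructed sample of peer addresses a relay client might request.
SAMPLE_PEERS = ["8.8.8.8", "10.1.2.3", "::ffff:127.0.0.1",
                "169.254.169.254", "2001:db8::1", "not-an-ip"]

if __name__ == "__main__":
    for p in SAMPLE_PEERS:
        verdict = classify_peer(p)
        print(f"{p:20} {'ALLOW' if verdict is None else 'DENY (' + verdict + ')'}")
```

The check belongs on the relay itself, applied to the peer address after parsing, so that alternate spellings of an internal address are judged by the host they actually reach.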


News URL

https://nakedsecurity.sophos.com/2020/04/08/slack-in-the-security-spotlight-lessons-for-collaboration-servers/