IT Observer - Information Security Issues for Instant Messaging

Advertise
Contact
SecurityWatch

GFI MailArchiver for Exchange - Easily archive Exchange Server mail & comply with Sarbanes Oxley - Free evaluation available.

Network Security Software - Sponsored by GFI Network Security.

Nortel: Get a free VoIP non-obligation assessment

Information Security Issues for Instant Messaging
Author: IT-Observer Staff
Friday, 20 May 2005, 14:02 GMT

In today’s fast-moving business environment, Instant Messaging offers a number of advantages, such as sending e-mails, transfer file etc. Because IM uses Peer-to-Peer technology to enable direct communication, it can allow hackers to bypass firewalls and access IT systems and has the potential to threaten your entire network with a whole raft of security attacks.

A key concern with IM is the lack of encryption for data sent across the network, allowing attackers to view sensitive information. Instant Messaging, usually based on HTTP protocol, creates issues for server-based anti-virus systems, which do not monitor IM traffic. This could allow worms to propagate inside the network.

What can you do about IM? There are plenty of things to be done to make the use of IM more secure in business environments:

Encrypt Data – Deploy encrypted IM services, or choose an IM client that is compatible with some of the major networks.

Scan for Viruses - Consider employing a system that scans content exchanged over IM, just as you would for files shared via email.

Establish an IM Usage Policy - A corporate policy will show users the acceptable bounds of IM use - including permitted services and monitoring practices - whilst highlighting the company's legal position.

Log IM Communications - Keeping records of IM access and message flow will link traffic back to specific users, which can be an invaluable aid to enforcing IM usage policies.

Deploy Desktop Protection - Local AV and firewall software will add an extra line of defense against IM attacks.

"IM is rapidly becoming commonplace, and used sensibly it provides great benefit to any organization," explains Mark Stevens, Chief Strategy Officer, WatchGuard Technologies. "Implementing an effective policy to govern IM use, by following the tips we've outlined below, will enable businesses to enjoy these many advantages whilst minimizing the risks."

Monday, May 23, 2005

Network Security

·	Hackers get tricky with pharming
·	Hiring a hacker? Think again, experts warn
·	Why security vulnerabilities expand beyond operating system, enterprise
·	How Dangerous Was The Cisco Code Theft?

Wireless Security

·	picoChip, Hifn unveil WiMAX basestation reference
·	Why wireless devices must be connected to critical applications
·	Securing 'strange' Wi-Fi devices
·	IT giants fight wireless patent

InfoSec Directory

·	Phishing attacks and countermeasures
·	Overview of image security techniques with applications in multimedia systems
·	Inoculating SSH Against Address-Harvesting Worms
·	What is the point of encryption if you don’t know who for?

Press Releases

·	nCipher helps combat phishing attacks with Chip and PIN
·	LANDesk Named to 2005 Red Herring Top 100
·	HP Simplifies Business Protection for Small and Mid-size Businesses with New Smart Office Program
·	Clifford Chance appoints Redbus Interhouse to Provide Pan-European Services

:: ::