Does Instant Messaging Improve Communication Or Threaten Security?
by Dr. Horst Joepen - SVP Strategic Alliances CyberGuard Corporation - Monday, 3 October 2005.
No — the use of special IM and P2P filters allows instant messaging to benefit the company while controlling the security risks that it involves. In order to implement a uniform security policy simply and consistently, the IM filter should preferably be part of a comprehensive, integrated Content Security Management Suite. This enables company, group and user specific configuration of the security profile, and its consistent application to the entire data flow and all standard and ‘wild’ application protocols. A typical ‘policy’ could, for instance, block all IM clients who send requests to unauthorised, public messaging servers, and permit requests only to the company’s own messaging server(s).

It only remains to ask: What are others doing and why do I have to act?

As was also the case with the wave of spam, IM-connected security problems first occurred in the USA. As a result, for instance, Sarbanes Oxley made mandatory the permanent monitoring and protocolling of instant message traffic in all US financial institutions. In current US tenders for content security solutions, the filtering of instant message data flows is a standard requirement. US companies’ were triggered into action by very real breaches of security. Instead of waiting for the wave to break here as it did in the USA, companies in this country should take advantage of the ‘early warning system’ and have their content filtering systems upgraded now – not least because the cost of improving IT security is more than offset by the ensuing increase in productivity.


Thousands of Zhone SOHO routers can be easily hijacked

Security researcher Lyon Yang has released details about a number of vulnerabilities in routers made by California-based Zhone Technologies, the exploitation of some of which can result in the routers being hijacked.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Oct 13th