The first step for an enterprise that wants to keep its network free of MSN Messenger, Yahoo Messenger, Skype and...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
other programs of that kind must be to establish an information security policy that outlaws them. Make sure all employees are aware of the policy and the penalties for violating it. In this phase, try to present the logic for the ban: the fact that IM is a serious attack vector, and using it on the network undermines the security and viability of the company.
If any use of these programs is detected after the policy has been publicized, you must then apply the stated penalties. Failure to do so will render the policy moot, undermining efforts to enforce it, either through technology or simple oversight. The good news is that, depending upon your corporate culture, a properly handled policy outlawing IM may solve your problem.
Unfortunately, some companies shy away from a policy approach. To those who don't like personal confrontation, it might seem more appealing to implement bans and other policy decisions by technical means alone. This is a risky strategy, however, that should be avoided for several reasons. Apart from the legal jeopardy already mentioned, it's difficult and taxing to win a war of wills on the technical front. Instant messaging services are adept at evading firewalls. IM clients can automatically adjust their settings to connect to IM servers, even if direct access to those servers is blocked on all network ports. The client will use an HTTP proxy server to pass through the firewall. For more on the technical challenges of controlling IM use, see my previous responses: Can DHCP be used to selectively block instant messaging clients? and How to selectively block instant messages.
You might want to ask why IM should be banned. After all, there are legitimate business uses for IM. One strategy might be to formally implement IM using an enterprise instant messaging (EIM) service. Microsoft's Office Communications Server, for example, not only incorporates IM firewall technologies, but can also integrate access control with Active Directory. This is my preferred security configuration because a proper identity and authentication management system can block specific users or specific groups of users from accessing IM services.
If there is a need to monitor and control IM traffic across an entire network, consider using an application-layer firewall, which controls the traffic to and from a user-defined list of instant messaging server hostnames. You can also try a gateway specifically tuned to detect IM and P2P use, such as the products from FaceTime Communications Inc. and Akonix Systems Inc.
Dig Deeper on Social media security risks and real-time communication security
Related Q&A from Michael Cobb
A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to ...continue reading
The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the ...continue reading
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.