The first step for an enterprise that wants to keep its network free of MSN Messenger, Yahoo Messenger, Skype and...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
other programs of that kind must be to establish an information security policy that outlaws them. Make sure all employees are aware of the policy and the penalties for violating it. In this phase, try to present the logic for the ban: the fact that IM is a serious attack vector, and using it on the network undermines the security and viability of the company.
If any use of these programs is detected after the policy has been publicized, you must then apply the stated penalties. Failure to do so will render the policy moot, undermining efforts to enforce it, either through technology or simple oversight. The good news is that, depending upon your corporate culture, a properly handled policy outlawing IM may solve your problem.
Unfortunately, some companies shy away from a policy approach. To those who don't like personal confrontation, it might seem more appealing to implement bans and other policy decisions by technical means alone. This is a risky strategy, however, that should be avoided for several reasons. Apart from the legal jeopardy already mentioned, it's difficult and taxing to win a war of wills on the technical front. Instant messaging services are adept at evading firewalls. IM clients can automatically adjust their settings to connect to IM servers, even if direct access to those servers is blocked on all network ports. The client will use an HTTP proxy server to pass through the firewall. For more on the technical challenges of controlling IM use, see my previous responses: Can DHCP be used to selectively block instant messaging clients? and How to selectively block instant messages.
You might want to ask why IM should be banned. After all, there are legitimate business uses for IM. One strategy might be to formally implement IM using an enterprise instant messaging (EIM) service. Microsoft's Office Communications Server, for example, not only incorporates IM firewall technologies, but can also integrate access control with Active Directory. This is my preferred security configuration because a proper identity and authentication management system can block specific users or specific groups of users from accessing IM services.
If there is a need to monitor and control IM traffic across an entire network, consider using an application-layer firewall, which controls the traffic to and from a user-defined list of instant messaging server hostnames. You can also try a gateway specifically tuned to detect IM and P2P use, such as the products from FaceTime Communications Inc. and Akonix Systems Inc.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security ...continue reading
An ImageMagick vulnerability known as Yahoobleed could give hackers access to Yahoo servers. Expert Michael Cobb explains the flaw and how Yahoo ...continue reading
Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.