Security takes a backseat in many instant messaging clients. Without security mechanisms in place, it can allow...
the unfettered transmission of confidential files, malicious code and inappropriate content for which an organization can be held liable.
"It's a pretty powerful platform for worms and other malicious code," said Gerhard Eschelbeck, CTO of Qualys Inc. in Redwood Shores, Calif. "It's very hard for IT environments to control the usage of instant messaging because it can use the tiniest holes to communicate with its services.
"A vulnerable IM architecture can give access to a lot of interconnected systems," Eschelbeck added.
Enterprise IM offers clear benefits: enriched communications with other users around the world at no cost and rapid information dissemination. Meta Group analyst Matt Cain pegs sanctioned IM at less than a 17% corporate penetration rate, while Sybari Software Inc. said more than 90% of enterprises are using IM.
"Sanctioned or otherwise, IM use will continue, leaving it to network admins to develop and implement policies and procedures that will protect users' privacy and the integrity of their enterprises," said Tom Buonciello, direct of product development at New York-based Sybari. "Make policy, not war. Instead of banning IM, embrace it, develop specific policies for IM and use tools to help enforce the policies."
Buonciello said he's concerned about information leakage and legal compliance. Also, "IM allows users to subvert established policies and is definitely becoming a concern for enterprise clients."
In a recent webcast on IM threats, Cain said, viruses, worms, malicious code and spam can be prevented by client/gateway filtering; Trojans, hijacking and denial of service can be mitigated by a proxy server/firewall; and information disclosure prevented by content filtering.
Cain recommends some best practices for IM management:
- Deploy IM antivirus software to protect against corporate network attack.
- Block file transfer services to minimize exposure to viruses and protect against information security leaks.
- Identify spammers and block unwanted messages at the network level.
- Flag messages containing "sensitive" keywords [e.g. development project code names].
- Facilitate blocking of IM service by user, department or directory and shut off public networks if a security breach is detected.
- Establish searchable archives by participant, via keyword or date [for security/knowledge management reasons] with requisite security/privacy parameters.
- Support enterprise and public IM protocols.
- Establish archival services to meet SEC, NASD, NYSE, HIPAA and government Freedom of Information Act regulations if appropriate.
- Create audit reports and statistics to meet compliance requirements.
Earlier this year, Cupertino, Calif.-based Symantec Corp. said its tests indicated an IM virus could infect as many as half a million users in as little as 30 to 40 seconds.
"IM can present a fairly significant security issue, particularly as many organizations don't have tight control over IM use in their organizations," said Gregg Mastoras, a senior security analyst at Sophos Inc. in Lynnfield, Mass. "In the absence of greater control of enterprise IM, network administrators should ensure that their desktop AV is equipped and enabled to monitor IM traffic as well as e-mail and HTML."