Information Security Issues for Instant Messaging

By | May 20, 2005

In today’s fast-moving business environment, Instant Messaging offers a number of advantages, such as sending e-mails, transfer file etc. Because IM uses Peer-to-Peer technology to enable direct communication, it can allow hackers to bypass firewalls and access IT systems and has the potential to threaten your entire network with a whole raft of security attacks.

A key concern with IM is the lack of encryption for data sent across the network, allowing attackers to view sensitive information. Instant Messaging, usually based on HTTP protocol, creates issues for server-based anti-virus systems, which do not monitor IM traffic. This could allow worms to propagate inside the network.

What can you do about IM? There are plenty of things to be done to make the use of IM more secure in business environments:

Encrypt Data – Deploy encrypted IM services, or choose an IM client that is compatible with some of the major networks.

Scan for Viruses – Consider employing a system that scans content exchanged over IM, just as you would for files shared via email.

Establish an IM Usage Policy – A corporate policy will show users the acceptable bounds of IM use – including permitted services and monitoring practices – whilst highlighting the company´s legal position.

Log IM Communications – Keeping records of IM access and message flow will link traffic back to specific users, which can be an invaluable aid to enforcing IM usage policies.

Deploy Desktop Protection – Local AV and firewall software will add an extra line of defense against IM attacks.

“IM is rapidly becoming commonplace, and used sensibly it provides great benefit to any organization,” explains Mark Stevens, Chief Strategy Officer, WatchGuard Technologies. “Implementing an effective policy to govern IM use, by following the tips we´ve outlined below, will enable businesses to enjoy these many advantages whilst minimizing the risks.”

Leave a Reply