Home page logo

basics logo Security Basics mailing list archives

Re: Survey: Chat and IM
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Mon, 25 Nov 2002 16:48:16 -0500

We currently are allowing web based chat and instant messaging.  I know
that there are lots of security issues involved with its usage.  The IT
folks are telling me that it is a common practice in the industry.  I
have a hard time believing this and this is one battle I would like to
take on.

Same argument: sh*t must taste good. billions of flies can't be wrong.

However, approach this battle carefully. Ask, what the business
requirements are to use IM. There may be some valid reasons (collaboration
with remote offices ...). If there are none, try to find existing policies
that may apply (personal phone calls...). If there are valid business 
reasons, try to offer alternatives (jabber...)

If you use this to sharpen your 'battle skills', try to approach this
from a positive site. Basically, try to find out how IM is used and
try to find alternatives that work better to fulfill this function.
If there is no business need, explain to management how it lowers
productivity and increases risk. Try to make it so you end up solving 
a problem and try to avoid just being the nay-sayer.

jullrich () euclidian com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]