>

Most Viewed Networking Devices:

  1. Small business firewalls
  2. Computer networking hardware
  3. High speed gigabit PCI adapter
  4. USB 3.0 PCI Card for Super Speed Data Transfer Rate
  5. Small Business Computer Network with Apple Mac Mini Server
  6. NSA 240 Sonicwall Small Business Network Security
  7. Cisco WRVS4400N Wireless Security Router
  8. Cisco RV 120W Wireless-N VPN Firewall and VLAN Router
  9. Cisco RV016 Multi WAN Router For Small Business
  10. Cisco RV220W Small Business Router
  11. Cisco RV082 Dual WAN VPN Router
  12. Edimax EnduraLINK ER-1088 Multi WAN Routers
  13. TL-R4299G Dual WAN Router for Internet Café
  14. New WNDR4500 N900 Vs Tew-692GR N900 Routers
  15. Netgear WNDR4000 and WNDR3800 Dual Band Routers
  16. Linksys E2500 Advanced Dual Band Router Vs E2000
  17. Linksys E-4200 Dual Band Gigabit Router

Most viewed Security Management:

  1. Information security management
  2. Firewalls Security Guidelines
  3. Business Continuity and Disaster Recovery Planning
  4. An Example of LAN Network Risk Assessment
  5. Information security policy guidelines
  6. Network Security Best Practices
  7. IT Security Risk Assessment

Most Viewed Networking Concepts:

  1. Local area network topology
  2. LAN Cable - standard deployment
  3. Easy way to calculate subnet mask
  4. VLAN tutorial
  5. WAN technologies
  6. Route summarization
  7. Understanding firewall with DMZ

 
«  
  »

Instant Messaging Security


The security and integrity of information via Instant Messaging cannot be guaranteed.

In the previous discussion, Email security guidelines was discussed, and this is the second element in the security guidelines for your organization. Instant Messaging sessions can be easily hijacked and communications viewed without your knowledge. We cannot guarantee Instant Messaging security for the communications of the information, the security and integrity of information via Instant Messaging cannot be guaranteed, so do not discuss sensitive business or private and personal details using Instant Messaging.

Instant Messaging (IM) is a communication tool that provides for two-way communication in real-time. For the two-way communication to occur each person must use the same Instant Messaging product such as ICQ, Yahoo Messenger or MSN Messenger (called Windows Messenger in Windows XP)

Instant Messaging allows you to attach files to communications and enter channels, which is an Instant Messaging session discussing a common topic with many users participating. When you connect to contact a person on your list, you connect via the public Internet where there is no security or privacy.

Instant Messaging Passwords

Regarding the password, use the following Instant Messaging security guidelines.

  1. Do not use your normal corporate login password when you log into instant messaging.
  2. Protect your passwords at all times.
  3. Ensure your screensaver is locked when you leave the computer unattended.
  4. Remember that you are responsible and accountable for all actions taken under your User ID and password.

Instant Messaging Security Risks

  1. Instant Messaging security cannot be guaranteed for communications where communications can be logged or archived without your knowledge.
  2. Hackers can easily masquerade as an Instant Messaging moderator or user.
  3. Instant Messaging sessions can be easily hijacked and communications can be viewed without your knowledge.
  4. Your corporate information can be easily and uncontrollably distributed if you allow file sharing.
  5. Instant Messaging attachments can contain viruses and other malicious programs.
  6. Inappropriate Instant Messaging communications may cause damage to the corporate reputation.

Harassment and Discrimination

For your Instant Messaging security – you should ensure that you do not include in your Instant Messaging communications, discussions that are; offensive, defamatory, discriminatory, sexist or harassing because it is considered inappropriate, unprofessional and may be against the law. Such discussions include:

  • Sexually explicit or other offensive text or jokes;
  • Material containing ethnic or racial slurs, or anything that may be construed as harassment etc of others based on their:
    • Race or national origin
    • Gender or sexual orientation
    • Age or disability
    • Religious or political beliefs.

Instant Messaging Use

If you have a business reason to use Instant Messaging, you should first seek your Manager’s authorization before using Instant Messaging and then follow the instant messaging security guidance provided below:

  1. Be careful not to purport to represent your corporate, corporate opinion or corporate policy within instant messaging communications.
  2. Do not discuss clients/customers or information provided by them to the corporate using Instant Messaging.
  3. Internet Messaging should not be used for unlawful activities; e.g. : insider trading, fraudulent acts, defamation or any other activity deemed illegal by local legislation.
  4. Instant Messaging should not be used for private commercial purposes or personal financial gain except where authorized.
  5. Do not use Instant Messaging to transfer files or folders – instant messaging security cannot be guaranteed, use Email instead.
  6. Turn off the file sharing function within your Instant Messaging product.
  7. Ensure that you are not abusive, aggressive or deliberately anti-social while using Instant Messaging.

Official Business Records

Unlike email, we cannot guarantee Instant Messaging security. Instant messaging is lack of security. Instant Messaging communications cannot be considered to be official business records and should not be used to negotiate business transactions or be used to authorize or sign off on business transactions. Instant Messaging should only be used for quick non-sensitive business communications such as status updates and meeting times etc. Just remember, since we cannot guarantee Instant Messaging security, Instant Messaging is not private or secure and your discussions can be eavesdropped by other people without your knowledge.

Increase In Spam

If you use your email address as your Instant Messaging handle you may find that you will get an increase in the amount of spam sent to you. This is due to the fact that your handle is held in Internet public directories that spammers use to target people. It is always best to use a handle that is not an email address associated with you, use an internet account.

Viruses and Malicious Programs

One of the biggest problems with Instant Messaging security is that files of any type sent to you via instant messaging bypass the virus scanning tools on corporate electronic gateway. There are specific malicious programs that have been designed to spread via instant messaging file sharing.

Therefore you must ensure you do the following:

  • Use email for all file transfers.
  • If you receive files etc via Instant Messaging – delete them.
  • Request all files to be sent to you via email only.

Scripting

You should be aware that some Instant Messaging products provide scripting capabilities. This means that users with a basic technical knowledge can write script to instruct Instant Messaging to do things such as contact other users, send files, change settings and perform other potentially malicious acts without your knowledge. It is due to this, that it is really important for you to not accept or transfer files via Instant Messaging. So we cannot guarantee Instant Messaging security for critical business communications.

The next article that you should read is Internet security guidelines. Internet access is a business tool, so that’s why internet security policy should be developed as guidelines to support the business. This access is a privilege and you are expected to act professionally and appropriately while using the Internet.


See also:

Share
March 27th, 2009 | Tags: , , | Category: Information Security, Tips

1 comment to Instant Messaging Security

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>