Monday, 24 November 2008

Instant Messaging risks

Instant Messaging (IM) as a business tool can be quite effective, but any tool can be abused, especially if unmanaged. The best way to manage any communication is to ensure that it is directed through a central point, like a gateway. Vendors have worked this out and have built clients that are gateway-aware and that function as both internal and external IM solutions.

Recently there have been many Instant Messaging vulnerabilities. Antivirus vendors are realising that worms, viruses and other malware can spread through IM and are building new defences that reduce the risk.

Links transferred over IM are an additional risk. Application firewalls on the corporate LAN can reduce that risk, but a bigger problem arises when users take their corporate machines offsite. On unprotected networks there is no application-layer firewall at the perimeter, so communication is less secure; for this reason the endpoint requires a host-based firewall solution that has scanning capability.

In some organisations where the policy is not to allow Instant Messaging communications, some users have found a way around the firewall technical control by using HTTPS-based websites. These websites effectively bypass the scanning and grant access to these users. The problem is that some of these websites deliberately capture data and credentials for spying.

Because IM does not yet consider authentication mechanisms like two-factor authentication, impersonation and unauthorised access are strong possibilities.

Some worms, like W32.Aplore.A@mm, spread using links that are sent to your entire contact list; the worm then installs a browser plug-in and then the fun begins. Certain worms patch system files, and when these files are executed a unique trojanware is downloaded. Backdoors and encrypted tunnels to internet-based servers are all common.

Some worms are so volatile and aggressive that, as Symantec reported, over 500,000 machines were infected and zombified in seven seconds.

Threats like man-in-the-middle, password theft, information disclosure, data leakage and many more similar threats are all possible and create a significant risk to any business or individual.


Are there any benefits?

  • Low communication costs.
  • Instant response.
  • Quicker turnaround.
  • Instant file sharing.
  • Collaborative approach.

Is there a balance?

With an enforceable security policy and adequate technical controls it is possible to achieve balance. The implementation of application-layer firewalls with fifth generation scanning capabilities will better secure your network. Corporate IM servers that scan and manage outbound connections, acting like a proxy, can provide greater management and control over the wave clients being used. A strong security policy that can be enforced and implemented through network and endpoint technical controls is a must. User education and awareness are key, and a consistent and structured approach will ensure a happy medium.
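One check a central IM gateway makes possible is spotting the worm behaviour described earlier, where the same link is pushed to a whole contact list. The following is an added example, not code from the original post; the log format, the user names, the URLs and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Constructed sample gateway log (assumed format): time sender recipient text
SAMPLE_LOG = """\
2008-11-24T09:00:01 alice bob see the agenda at http://intranet.example/agenda
2008-11-24T09:00:05 carol dave lol is this you? http://pics.example/view.php?id=7
2008-11-24T09:00:06 carol erin lol is this you? http://pics.example/view.php?id=7
2008-11-24T09:00:06 carol frank lol is this you? HTTP://PICS.example/view.php?id=7
2008-11-24T09:00:07 carol grace lol is this you? http://pics.example/view.php?id=7
2008-11-24T09:00:08 carol heidi lol is this you? http://pics.example/view.php?id=7
2008-11-24T11:30:00 alice erin http://intranet.example/agenda
"""

def parse(log_text):
    """Yield (time, sender, recipient, urls) for each well-formed line."""
    for line in log_text.splitlines():
        try:
            stamp, sender, recipient, text = line.split(None, 3)
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # malformed line: skip it rather than abort the scan
        yield ts, sender, recipient, URL_RE.findall(text)

def normalise(url):
    """Lower-case scheme and host so case changes do not evade matching."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return f"{scheme.lower()}://{host.lower()}{sep}{path}"

def find_link_fanout(log_text, min_recipients=5, window=timedelta(seconds=60)):
    """Map (sender, url) to recipients when one sender pushed one URL widely."""
    sends = defaultdict(list)  # (sender, url) -> [(time, recipient), ...]
    for ts, sender, recipient, urls in parse(log_text):
        for url in set(map(normalise, urls)):
            sends[(sender, url)].append((ts, recipient))
    alerts = {}
    for key, events in sends.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            recipients = sorted({r for _, r in events[start:end + 1]})
            if len(recipients) >= min_recipients:
                alerts[key] = recipients
                break
    return alerts
```

A flagged sender is a candidate for quarantine and an endpoint scan; the thresholds need tuning so that legitimate broadcast announcements do not trigger it.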


