Security Basics mailing list archives
Re: Survey: Chat and IM
From: Charles Otstot <charles.otstot () ncmail net>
Date: Tue, 26 Nov 2002 14:45:32 -0500
Toni, David... Have you (and your respective staffs) considered a compromise? I don't know precisely how widespread business IM use is, but it is an expanding market. If your end-users (and by extension, IT staff) see it as a business requirement, it seems to me that the "battle" has already been lost. Better to achieve some measure of control than to fight a battle that is doomed to failure. There are a number of products on the market now that allow you to configure your own IM and chat servers that you can configure for internal use. If users perceive a business need for such a product, a reasonable measure of security can be achieved while still providing legitimate business functionality. Perhaps packaging it to the users (from both your group and the IT group) that we understand the need for such a tool, however due to security concerns, usage must be limited both in scope (i.e. business use only) and in location (i.e. no communication with external entities). Limit usage within the confines of your network (or at the least, VPN connections for remote users). That should help alleviate your concerns somewhat and allow IT to provide a tool that users consider useful for the business process. Hope this helps at least a bit. Charlie ONEILL David J wrote:
Good Luck ... We got shot down in Flames, no matter how we packaged it. David J. O'Neill NEDSS - IS7 Parkway Bldg., 2nd Floor Phone: (503) 378-2101 ext. 364 FAX: (503) 378-2102tony572001 () hotmail com 11/25/02 01:48PM >>>Hi, We currently are allowing web based chat and instant messaging. I know that there are lots of security issues involved with its usage. The IT folks are telling me that it is a common practice in the industry. I have a hard time believing this and this is one battle I would like to take on. QUESTION: DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING? If this was a battle you fought, could you please give me some ideas on how you won the battle. Any good articles/white papers that could support my position? Toni CISSP, CPA Security Services NW Mutural Banking LTD _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
-- E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. --
Current thread:
- Re: Survey: Chat and IM ONEILL David J (Nov 26)
- Re: Survey: Chat and IM Todd Plesco (Nov 26)
- Re: Survey: Chat and IM Todd Plesco (Nov 26)
- Re: Survey: Chat and IM Charles Otstot (Nov 27)
- <Possible follow-ups>
- RE: Survey: Chat and IM Fred Hoot (Nov 26)
- Re: Survey: Chat and IM Devdas Bhagat (Nov 26)
- Survey: Chat and IM tony toni (Nov 26)
- Re: Survey: Chat and IM Johannes Ullrich (Nov 26)
- Re: Survey: Chat and IM Jason Yates (Nov 26)
- Re: Survey: Chat and IM Zinger (Nov 27)
- Re: Survey: Chat and IM Sumit Dhar (Nov 28)
- Re: Survey: Chat and IM Chris Berry (Nov 26)
- RE: Survey: Chat and IM Robinson, Sonja (Nov 26)
- RE: Survey: Chat and IM LEHMANN, TODD (Nov 26)