Security Basics mailing list archives
Re: IRC in corporate enviroment
From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 21 Jun 2011 11:26:42 -0500
Dennis Dayman <dennis-lists () thenose net> writes:
Looking for some pros cons to having IRC connectivity in a corporate environment. Our R&D guys would like to join some coding channels to get ideas and help, but we are hesitating to allow them for fear of a possible hole being opened via an IRC channel and client. thoughts on pro's or cons? what is the beat way to implement if it is deemed ok?
Cons -- you can't log it. If you don't have a regulatory driver requiring this, then who cares. Also, you have to start thinking about what irc clients to suggest/allow, and do the usual patch/vuln management dance of "what if Joe and his outdated pidgin client suddenly want to do internet irc too, or internet chat and gets owned?" Much of this risk can be entirely mitigated by implementing strong ingress and egress filtering which you may be doing already. Pros - cheap and easy. My prior 2 employers had internal IRC and it was enormously helpful, especially in situations where disparate geographies need to collaborate and team build. -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- IRC in corporate enviroment Dennis Dayman (Jun 20)
- Re: IRC in corporate enviroment AK (Jun 23)
- Re: IRC in corporate enviroment securityfocus . com (Jun 23)
- Re: IRC in corporate enviroment MaddHatter (Jun 26)
- Re: IRC in corporate enviroment Dennis Dayman (Jun 23)
- RE: IRC in corporate enviroment McLean, Thomas (Jun 26)
- Re: IRC in corporate enviroment Joel Eriksson (Jun 27)
- Re: IRC in corporate enviroment Todd Haverkos (Jun 26)