funsec mailing list archives

RE: Security Fears Prod Many Firms To Limit Staff Use of Web Services


From: "D'Aloisio, Marc" <Marc.DAloisio () ct gov>
Date: Thu, 30 Mar 2006 10:35:25 -0500

IMHO, IM is definitely a threat.  I was involved in an incident a while
ago where a group of consultants working on a project was using public
IM to discuss sensitive details of the project, including passing
privileged credentials (userids and passwords).  We caught it monitoring
traffic with an IDS.  Needless to say, that practice stopped, but we
were told it was common practice within consulting firms to collaborate
using public IM as well as public email (Yahoo, gmail, etc.).  To me,
it's a risk to have unsecured sensitive communications going through
and/or stored on servers not managed by the data owner or covered by
NDA, SLA, or other agreement that covers confidentiality.

Marc D'Aloisio, CISSP 
Network Security Analyst; Security Incident Response 
State of Connecticut - Department of Information Technology 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Larry Seltzer
Sent: Thursday, March 30, 2006 10:04 AM
To: funsec () linuxbox org
Subject: RE: [funsec] Security Fears Prod Many Firms To Limit Staff Use
of Web Services


I would block file sharing myself if I were in charge of IT, but IM
seems like an overreaction. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

