1. Instant messaging
People use instant messaging for everything from making sure their kids have a ride home from practice to communicating with co-workers and business partners. In the Yankee study, 40 percent of respondents said they use consumer IM technology at work. Instant messaging present numerous security challenges. Among other things, malware can enter a corporate network through external IM clients and IM users can send sensitive company data across insecure networks.
One way to combat threats is to phase out consumer IM services and use an internal IM server. In late 2005, Global Crossing did just that when it deployed Microsoft's Live Communications Server (LCS). Then in August 2006 it blocked employees from directly using external IM services from providers such as AOL, MSN and Yahoo. Now, all internal IM exchanges are encrypted, and external IM exchanges are protected, as they're funneled through the LCS server and Microsoft's public IM cloud.
Adopting an internal IM server also gave Global Crossing's security team more control. "Through the public IM cloud, we're able to make certain choices as to how restrictive or open we are. We can block file transfers, limit the information leaving our network or restrict URLs coming in," which was a common method for propagating worms, Miller says. "That takes away a huge component of malicious activity."
You can also take a harder line. DeKalb's security policy, for instance, bans IM use altogether. "It's mainly chat-type traffic, not personal health information, but it's still a concern," Finney says. As backup to the restrictive policy, she blocks most sites where IM clients can be downloaded, although she can't block MSN, AOL or Yahoo because many physicians use those sites for e-mail accounts. Her team also uses a network inventory tool that can detect IM clients on employee PCs. If one is found, the employee is reminded of DeKalb's no-IM policy and notified that the IM client will be removed. Finney is also considering various methods of blocking outbound IM traffic, but for now, she also uses a data loss prevention tool from Vericept Corp. to monitor IM traffic and alert the security team about any serious breaches. To do that, Finney's team needs to shut down most of its Internet ports, which forces IM traffic to scroll to Port 80 for monitoring.
DeKalb is looking into the idea of implementing the IM add-on of IBM's Lotus Notes or even an internal freeware IM service like Jabber for business users who want to communicate across campus. "Nothing is 100 percent," Finney says. "IM is always a huge concern from a security as well as a productivity perspective.