7.5 Instant Messenger (IM) PolicyIn the past few years, instant messengers (IMs) have become very popular. Yahoo, AOL, ICQ, and Microsoft all offer them. While they do not interoperate, of course, Linux can interact with all of them with Gaim and similar programs. Gaim's home page is gaim.sourceforge.net/index.php The problem is that these sorts of programs allow essentially any data into or out of your network, including confidential data, binary data, and viruses. Many virus filters that can handle mail attachments and even Web page attacks cannot filter out evil packets from IMs. While IM may be fun, it does not offer any technical advantage over a combination of e-mail and telephone access. Furthermore, the interruptions can cut down on productivity. There have been some security bugs reported in several of the instant messenger services. The British government and other organizations have banned instant messaging from their networks due to the security risk and productivity issues it poses. You may want to at least block it from sensitive subnets within your organization. If you allow it, be sure to allow it only from each service's server IP addresses; this will offer at least a little protection from attack. However, be aware that if your users are online, anyone in the world can start sending messages to them. This should send a shiver down your back. With e-mail, at least, either you are using a virus filter or you have disabled mail clients from loading attachments automatically. |
Top |