Top 5 IM security risks

The top five risks facing enterprises that allow instant messaging.

1. Viruses and worms over IM.

Out of the top 50 viruses and worms over the past six months, 19 of them used peer-to-peer or IM applications. Most viruses are sent through file transfers, which bypass traditional gateway and anti-virus security. Public IM clients also have publicized vulnerabilities, where flaws such as buffer overflows and boundary condition errors have been exploited to spread viruses, worms or denial-of-service attacks.

2. Identity theft/authentication spoofing.

Public IM systems let individuals create anonymous identities, which do not map to e-mail addresses. IDs can be created even if the IDs and domains are not owned by that individual ("billgates" or "johnchambers," for example). Spoofing creates risk, as these IDs can be used maliciously, outside the control of the IT security department.

3. Firewall tunneling.

IM clients find ways to tunnel through firewalls, creating risk. Most IM services come through well-publicized ports (5190 for AOL Instant Messenger, 1863 for MSN and 5050 for Yahoo), but IM clients also can exploit any open port on the firewall, including those used by other applications (such as Port 80 for Web and HTTP traffic). Some clients also can connect via peer-to-peer connections or establish connections on randomly negotiated ports.

4. Data security leaks.

Unmonitored content leaving the corporation without the knowledge of the information security department introduces legal and competitive risk (such as a CFO sending a confidential spreadsheet via IM without an audit trail). File transfer over IM is a powerful way to send information beyond the tracing capabilities of the IT department. The lack of content filtering and archiving makes it difficult for IT to discover potential breaches of policy or to hold individuals accountable.

5. Spim.

IMlogic says that 5% to 7% of IM traffic today is spim (instant messaging spam). Spim can be more disruptive than e-mail spam, as it is more intrusive (the pop-up spim interrupts the user) and generally of a more sexually offensive nature (leading to human resources and legal risk).

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies