1. Viruses and worms over IM.
Of the top 50 viruses and worms over the past six months, 19 used peer-to-peer or IM applications. Most viruses are sent through file transfers, which bypass traditional gateway and anti-virus security. Public IM clients also have publicized vulnerabilities: flaws such as buffer overflows and boundary condition errors have been exploited to spread viruses and worms or to launch denial-of-service attacks.
2. Identity theft/authentication spoofing.
Public IM systems let individuals create anonymous identities, which do not map to e-mail addresses. IDs can be created even if the IDs and domains are not owned by that individual ("billgates" or "johnchambers," for example). Spoofing creates risk, as these IDs can be used maliciously, outside the control of the IT security department.
3. Firewall tunneling.
IM clients find ways to tunnel through firewalls, creating risk. Most IM services come through well-publicized ports (5190 for AOL Instant Messenger, 1863 for MSN and 5050 for Yahoo), but IM clients also can exploit any open port on the firewall, including those used by other applications (such as Port 80 for Web and HTTP traffic). Some clients also can connect via peer-to-peer connections or establish connections on randomly negotiated ports.
4. Data security leaks.
Unmonitored content leaving the corporation without the knowledge of the information security department introduces legal and competitive risk (such as a CFO sending a confidential spreadsheet via IM without an audit trail). File transfer over IM is a powerful way to send information beyond the tracing capabilities of the IT department. The lack of content filtering and archiving makes it difficult for IT to discover potential breaches of policy or to hold individuals accountable.
5. Spim.
IMlogic says that 5% to 7% of IM traffic today is spim (instant messaging spam). Spim can be more disruptive than e-mail spam, as it is more intrusive (the pop-up spim interrupts the user) and generally of a more sexually offensive nature (leading to human resources and legal risk).
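Added example for risk 3, firewall tunneling (not part of the original article): blocking the well-known ports misses IM traffic that moves to another open port, so this code classifies a flow by the first bytes of its payload and reports whether it used the default port the article lists. The protocol signatures (YMSG magic, MSNP "VER" line, OSCAR FLAP header) and the sample flows are assumptions constructed for illustration; only native framing is covered, not IM wrapped inside genuine HTTP requests.

```python
import struct

# Default ports named in the article for each public IM service.
DEFAULT_PORTS = {"AIM": 5190, "MSN": 1863, "Yahoo": 5050}


def classify_payload(payload: bytes):
    """Return the IM service whose framing the first bytes match, or None.

    Signatures are assumptions about the classic wire formats, see below.
    """
    if payload.startswith(b"YMSG"):                      # Yahoo packet magic
        return "Yahoo"
    if payload.startswith(b"VER ") and b"MSNP" in payload[:64]:
        return "MSN"                                     # "VER <id> MSNPn ..."
    if len(payload) >= 6 and payload[0] == 0x2A:         # OSCAR FLAP marker
        channel, _seq, length = struct.unpack(">BHH", payload[1:6])
        # Require a sane channel and length so a stray '*' byte is not enough.
        if 1 <= channel <= 5 and length <= len(payload) - 6:
            return "AIM"
    return None


def audit_flows(flows):
    """Yield (flow, service, reason) for every flow carrying IM traffic."""
    for flow in flows:
        service = classify_payload(flow["payload"])
        if service is None:
            continue
        if flow["dport"] == DEFAULT_PORTS[service]:
            reason = "default port"
        else:
            reason = "tunneled over port %d" % flow["dport"]
        yield flow, service, reason


# Constructed sample flows: first client-to-server payload of each connection.
SAMPLE_FLOWS = [
    {"src": "10.0.0.12", "dport": 1863, "payload": b"VER 1 MSNP8 CVR0\r\n"},
    {"src": "10.0.0.31", "dport": 80, "payload": b"YMSG\x00\x0a\x00\x00\x00\x00\x00\x4c" + b"\x00" * 8},
    {"src": "10.0.0.31", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.0.47", "dport": 443, "payload": b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"},
]

if __name__ == "__main__":
    for flow, service, reason in audit_flows(SAMPLE_FLOWS):
        print(flow["src"], service, reason)
```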
Comments (1)
RE: Top 5 IM security risks
By Ray on November 11, 2007, 10:48 pm
My son and I just purchased webcams. When we tried to initiate a video call, my system allowed me to access his system but he could not see us. Zone Alarm notified...