Sajid Ahmed
Group C
Cs 312
E-mail and instant messengers are marvels of modern communication. They have many benefits but as discussed in “The Perils of E-mail” there are also many vulnerabilities to using these tools. According to the article the internal electronic communication of these companies were used as evidence in the court. The SEC makes it a requirement for investment houses to keep the internal communication and communication between the clients of the businesses be recorded. Email, web mail, and any other kinds of communication like these must be in file for three to six years and they must be easily searchable[1].
The popularity of instant messaging has exceeded the popularity of emails. According to IDC the corporate IM users in going to increase from 5.5 million is 2000 to 181 million in 2004[2]. The most popular public IM services like AIM, Yahoo Messenger, MSN Messenger are insecure by nature. These messengers use clear text to communicate and there is no guarantee that the text is not going to be read at on of the many external server that the message is going to travel through using a network scanner. Many of these programs keeps a log of all the conversation and the company may be asked to submit these record at any point. Microsoft IM clients use .Net passports as universal login which might contain personal information of corporate personal. The .Net passport is crackable used with dial up networking, which could lead to compromise of personal information. “Virus writers are turning an eye toward IM, upgrading worms and viruses to take advantage of IM”[3]. The same kind of code used to infect computers through the email can be used with IM. Many corporate employees install the IM client on their own, which leads to lack of supervision, standards, and security procedure. The communication generated through the IM program may travel outside the secure corporate network and these communication can contain sensitive corporate information. Viruses can be designed to connect the IM client to live chat rooms and wait for instructions from the virus writer.
The articles suggest that not using IM client is the best solution to eliminate the security risk. Companies can also use secure IM clients specially designed for corporate networks from companies like: Lotus, Jabber, NetLert, and Odigo. VPN secure extranet can also be used for internal and external communication with clients.
Resources:
February 19, 2004. <http://www.gobizamerica.com/news/news_details.asp?ID=1895>
February 19, 2004. <news.zdnet.co.uk/business/0,39020645,2096591,00.htm>
February 19, 2004.
<
itmanagement.earthweb.com/entdev/article.php/2232411>
[1] Simmons & Company
International Secures Instant Messaging Communications With Vericept’s
View Content Monitoring. <http://www.gobizamerica.com/news/news_details.asp?ID=1895>
[2] Instant messaging - better safe than sorry. <news.zdnet.co.uk/business/0,39020645,2096591,00.htm>
[3] Instant Messaging Can Usher in Instant Problems. < itmanagement.earthweb.com/entdev/article.php/2232411>