 Enterprise IM security: what software and policies do you use?
One of our bloggers, Tony Bradley, recently discussed in his blog and on SearchUnifiedCommunications' "Reality Check" podcast the implications of IM and social networking on network security. What do you have in place at your workplace to address these issues? What combination of security and policy have you incorporated or plan to incorporate?

ASKED: June 26, 2009  8:36 PM
UPDATED: September 24, 2009  5:55 PM

Answer Wiki:
We have blocked all external IM programs, including Yahoo, Google, MS Messenger, etc. Internally we use Live communicator. We have a set policy excluding external messenger use in our corporation, and desktops do not have rights to download them. Basically, users are informed from day one, "This is a company PC, not your personally owned home PC. Do not expect to use it like your home PC; it is intended for work only."
Last Wiki Answer Submitted:  June 29, 2009  4:00 pm  by  Technochic   56,975 pts.


Discuss This Question:


 

I can say that, based on what I see in my security assessment work, admins try to block, users find a way around it, admins write the policies (big mistake), no one knows about them, and the cycle continues. It’s a never-ending battle.

 11,040 pts.

 

Technochic: That makes sense; I know many organizations that put a ban on the installation of any programs by the end user. Though it seems harsh, when it comes down to it, it is a work machine.

KevinBeaver: That does sound like a never-ending battle. How do users find a way around it? Does your org have in place installation blocks like Technochic’s does?

 4,265 pts.

 

Any peer-to-peer application, which most IM apps have, can be unsafe for any network. Use a comm server as mentioned above for a workplace network, and by all means limit access to IM to only internal users.

I really think we continue to get asked to support some crazy stuff. Yes, IM is faster, but really, can't email work in most instances? Really, it is getting ridiculous. There are rules in engineering and also network design and infrastructure. The first law of engineering is “Keep it simple, stupid”. Sometimes I really miss the good old bulletin board days, lol. We are starting to realize in more ways than one that less can really be more.

 1,810 pts.

 

There are some UTMs that allow you to control your in-and-out traffic very efficiently, like Ideco Gateway. You can set all kinds of restriction rules per user, per group and more. It's also a firewall, mail server, etc.; however, it requires a dedicated server. So yeah, this is what I chose for my network of 100 workstations and I can recommend it too. The price is competitive compared to alternatives with such functionality.

 10 pts.

 

Pardon my delayed response. I don’t use it in my own organization (I’m a one-man shop) but I do see and hear about users at my client sites changing the ports, using proxies, etc. in their IM software to get around firewall and content filtering controls. They can use proxies or anonymizers to get around specific web site filters as well. Or, they just hop onto their cellular air card or an unprotected wireless network (either in-house or someone else’s) that allows this type of access. The best way to control such access is at the desktop level using application blocking via Windows policies or third-party endpoint security applications.

It’s a game of cat and mouse that’ll probably never go away – especially given that management is typically out of the loop on this.

 11,040 pts.