A good article on IM/P2P security

By accident, I found a good article on PC Magzine

Divulging company secrets is only one of the serious threats posed by IM and P2P applications. Both provide new entry points to your network for intrusions, data theft, denial-of-service attacks, viruses, and worms. In fact, security vendor Symantec reported in one of its biannual Internet Security Threat Reports that the number of attacks over IM and P2P systems quadrupled from January to June 2003. Both applications are adept at bypassing firewalls using port-scanning and tunneling techniques. And none of the popular IM clients offers strong authentication or encryption, so they are vulnerable to account hijacking and eavesdropping for valuable or damaging company information divulged by unwitting employees.

Then there are the bandwidth issues. Since each P2P node is acting as both a client and a server, your precious network bandwidth may be devoured not only by your internal P2P and IM users but also by P2P users all over the planet downloading songs from your users’ shared directories.

And don’t forget the legal issues. The Recording Industry Association of America (RIAA) has repeatedly warned Fortune 1000 companies that they could be liable for employees that break copyright laws by using their networks to download, store, or distribute music or movies illegally. In fact, the RIAA sued one Arizona-based software company in 2002, resulting in a settlement of $1 million. Companies that don’t prevent downloading of pornographic material risk hostile-workplace lawsuits and negative publicity.

Comments are closed.

%d bloggers like this: