Re: IPMSG.EXE

From: Byron Hynes (nospam_at_byronetta.com)
Date: 03/21/05


Date: Mon, 21 Mar 2005 13:10:54 -0800


> Some of the users on our company network have been found to be using
> IP based network messaging program ipmsg.exe downloaded from some site.
> I have couple of queries:
> 1. Is it unsafe to permit such programs to be there on network?
> 2. What are the issues?
> 3. Can this be stopped, say, by disabling Windows Messenger Service
> on individual computers.
> 4. How to disable it from firewall?

What is the risk? What is the benefit? Which is more important to the company?

If you have a large number of users who are circumventing a security policy,
it is probably because they believe that the security policy is stupid and
stopping them from getting their work done effectively.

(You do have a written security policy, right? If not, hold any further discussion
until you do.)

If the policy is fair and in the best interest of the company, then the managers
of these users need to take them aside and start a management process - one
that would start with education and explanation and could possibly end with
"keep doing this and you risk being fired". If on the other hand, the users
have a valid business need, then the job of the IT function is to provide
for that need to be met. The IT security role, then, becomes to manage the
risk and make choices that let the business function happen with the least
risk.

As to your questions, it is impossible for anyone but you (or your business)
to answer #1 and #2. I would think that the answer to #3 is almost definitely
"no", but that would depend on the program they are using. For #4, it's like
any other traffic through a firewall, you have to block it by port or by
content, which would require understanding what it is doing. However, I would
say that you shouldn't look at #4 until you have addressed #1 and #2.

In my personal opinion, the exchange of simple text messages is unlikely
to be a security risk from a technical point of view, almost no matter how
they are carried. Bigger questions, though, would be about the CONTENT...
is this confidential information? is this information that should be encrypted
between source and destination? does your company have a legal requirement
to archive the communication? is it external or internal? One of the questions
I sometimes pose in meetings is "if the participants exchanged this information
using a pen and paper, would that change our view?"


