[ISN] EDS bans IM

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 23:14:50 PDT


    By John Leyden
    Posted: 07/05/2002 at 17:42 GMT

    EDS, the computer arm of the British government, has banned its staff
    from using Instant Messenger products in the workplace. It cites
    security concerns, especially over virus transmissions.

    A memo to staff from EDS' security compliance unit leaked to The
    Register describes "use of Instant Messenger (IM) products through the
    Internet" as a "risk to Client EDS' infrastructure and network".

    The company will block access to public Internet instant message sites
    at its firewalls from tomorrow (May 8).

    Security staff can make exceptions to the rule but the policy means
    that from tomorrow EDS staff will be unable to use popular IM products
    such as AOL, ICQ and Yahoo!

    Gateway AV tools or managed services providers can be used to block
    infectious emails before they reach end users, but instant messages go
    directly to workstations - so skipping a layer of defence.

    IM is convenient but it can create holes into an organisation. Instant
    messaging attacks have become a common method of propagation in recent
    viral outbreaks, and (as CERT warned back in March) a tool for social
    engineering, including tricking users into running malicious software
    (potentially DDoS attack tools) on their machines.

    Neil Barrett, technical director of security consultancy firm IRM,
    said IM products are "implicitly clandestine" and make the exchange of
    files easier - something likely to be frowned on by security-conscious

    EDS is not noted for its lightness of touch with staff - and it hasn't
    always been so cosy with the UK government. In 1986, the company was
    found out ordering staff, American nationals, to lie to British
    immigration officials. The staff were told to say they were coming to
    the UK on holiday, when in reality, their real purpose was to work.

    That cost EDS one measly UK government contract - or, to be precise,
    the chance to bid for one contract.