[Web4lib] IM Security

[Ross Singer]

On 3/5/07, Leo Robert Klein <leo at leoklein.com> wrote:
>
> It's kind of crazy that we should be having these kinds of problems
> given how prevalent IM'ing is as a form of communication.
>
> I'm no networking expert but this Port problem sounds a bit like old
> style FTP.  A solution was eventually found using "Passive" FTP.  You'd
> think something could be found for IM -- and in a hurry.
>
> I just can't understand an institution in this day and age --
> particularly one with a public service function -- that isn't
> _encouraging_ their employees to use IM.
>
> This is one for the history books.

I couldn't agree with this more.  When security managers become
paranoid, they ironically become a more extensive denial of service
than any exploit.

Besides, this is what IT people are /paid to deal with/.  It is not
the job of the sysadmin or the information security person to
determine what services will be offered for an institution.  It is
their job to determine the most logical deployment and minimize risk
in the event of catastrophe.  If they are unable to do that (like by
taking of a policy of doing nothing, since they know that works), they
need to be replaced with somebody who is willing to 'make things
work'.

-Ross.