Feeds

EDS bans IM

Big hammer, small nut

  • alert
  • submit to reddit

EDS, the computer arm of the British government, has banned its staff from using Instant Messenger products in the workplace. It cites security concerns, especially over virus transmissions.

A memo to staff from EDS' security compliance unit leaked to The Register describes "use of Instant Messenger (IM) products through the Internet" as a "risk to Client EDS' infrastructure and network".

The company will block access to public Internet instant message sites at its firewalls from tomorrow (May 8).

Security staff can make exceptions to the rule but the policy means that from tomorrow EDS staff will be unable to use popular IM products such as AOL, ICQ and Yahoo!

Gateway AV tools or managed services providers can be used to block infectious emails before they reach end users, but instant messages go directly to workstations - so skipping a layer of defence.

IM is convenient but it can create holes into an organisation. Instant messaging attacks have become a common method of propagation in recent viral outbreaks, and (as CERT warned back in March) a tool for social engineering, including tricking users into running malicious software (potentially DDoS attack tools) on their machines.

Neil Barrett, technical director of security consultancy firm IRM, said IM products are "implicitly clandestine" and make the exchange of files easier - something likely to be frowned on by security-conscious organisations.

EDS is not noted for its lightness of touch with staff - and it hasn't always been so cosy with the UK government. In 1986, the company was found out ordering staff, American nationals, to lie to British immigration officials. The staff were told to say they were coming to the UK on holiday, when in reality, their real purpose was to work. That cost EDS one measly UK government contract - or, to be precise, the chance to bid for one contract. ®

Related stories

Instant message, cracker tricks
Klez worm infects and infuriates
ICQ hack theories flood into Vulture Central

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?