Asearch on "ICQ" and "security" should answer your question :-). In any case, what's coming out here is basically the two approaches to system security: (1) Deny everything except what's identified as being required by the business (my approach), and (2) allow almost everything and tackle issues as they arise and assume your users are going to "play fair". In our business, my users do not require access to ICQ to conduct company business, so I don't allow it. Richard in another message made a point of "anyone who's fired someone for using ICQ etc. etc. etc." That's exactly my point. I'll bet that staff typically are NOT disciplined for this type of activity - until its too late and your network has already been compromised. But then, who do you think really gets the blame - them, or you? Brian Steele ----- Original Message ----- From: "D Clyde Williamson" <[EMAIL PROTECTED]> To: "Brian Steele" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, June 24, 2000 9:04 AM Subject: Re: icq > Brian Steele wrote: > > > > > If my employees are doing their job and not causing me liability issues, > > > > A poor "cover your arse" statement that simply won't hold up in the event of > > a security breach - unless you're the top dog in the show, of course. "Uh > > boss, yes I knew about the security problems with ICQ, but I really didn't > > see a problem allowing the users to use it on the corporate LAN..." . > > > > Exactly at what point will you judge that your employees, by goofing off on > > your corporate LAN, are causing you "liability issues"? > > > > Ok, let's put you on the spot. I assume from your statement then, seeing > > this discussion IS about ICQ, do you or don't you view the use of ICQ by > > your employees as a security issue on your network? > > > > Then again, if you have nothing on your network to secure... :-) > > > > Brian Steele > > > Brian, what security issues do you see with ICQ? The fact that > communication is cleartext? Or, the fact that (with some IM clients > dunno if AOL is one) files can be transferred? > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
