Hotmail - A security risk to companies ?

rubber_vomit

Hi all,just a quick question. Is Hotmail still considered unsafe for users of a medium sized company to be using as web mail for personal use. Obviously we have internal mail also via Exchange.

Am using ISA to block this site but you seriously become unpopular very quickly despite advising it's for security purposes. Then again is Yahoo and all the rest of them as bad?

Just wondered if you had any opinions / knowledge of this.

Thanks.

:-)

the Guru

My advise is to block it , I take it you are the admin , if somone downloads a virus onto your network you are the one that will get the slap on the wrist and maybe fired if its really serious ,

I would also suggest blocking Sex sites, job sites, game sites

mpgs etc ... as this will save your bandwidth if you are using DSL
Pornographic jpegs your software should be able to check for flesh tones and filter them out

Static M.e.

I would disagree.

In this day, everyone use's email, Instant messaging, IRC the works, you can either blanket ban the whole lot and infuriate everyone on the network who will constantly look for loops holes to get the funny email their friend sent thus opening your netowrk up in ways you cant control

Or Make everyone more security aware and instill the point in them that it is their responsibility to be vigilant / responsible when it comes opening attachments etc have them agree on policy documents and sign them, you also would need to get management on your side and have them agree on what ever way you want to go. Patch management would be also be critical here but it should be anyway.

Also make sure you let everyone know that in the interest of security that all websites they access from work are being monitored and the time they spend on them, you can get loads of opensource or commerial packages for this.

just my 2 cents

another thing it would depend on would be what the current policy was, if people have been using Hotmail for the last 2 years and now suddenly you ban it Mr IT man will not be most welcome person in the office and if you are also the person who has to be on the floor dealing with desktop issues it will be a pain in the ass listening to the whine everyday. If you decide to ban it, have management ban it (Right from the top) that way you dont get the stick on the floor and can do your job more easily and also the IT departments PR isnt effected. Everyone is happy ... kinda

Stephen

Where I work, we block all webmail sites via websense (well, those that websense knows about), there's still ways around it but 99% of our userbase aren't that desperate for hotmail. This has pretty much always been the way, so its not like we've cut people off webmail after letting them use it for ages. We also block a heap of other categories such as games, porn, warez, streaming video etc. It is not done out of being a bunch of fascists, but rather to reduce the bandwidth usage on our pretty small internet pipe and protect us from sticky legal situations etc.
We also scan all traffic going through the proxy server for viruses and have daily updated Symantec AV on all client PC's.

I think people on dialup at home with their laptops and no firewall are a far greater threat than webmail, but c'est la vie.

zuma

the Guru wrote:

Pornographic jpegs your software should be able to check for flesh tones and filter them out

Is such software available and will it work?

The last time I checked not everone has the same skin colour.....black,brown,sandy,pinkish,whiteish...etc!!!
Using such software may...not work as intended and could end up blocking a hell of a lot more than porn sites!!!

Lush

All Internet email is a security risk in one way or another as you are relying on external anti-spam, anti-virus etc which is out of your control. Plus its the number 1 way for virii to enter your network. We block all Internet mail, along with a whole rake of other sites & catagories which are filtered via our firewalls.

If staff want to view Internet email, then we let them use a non networked PC in the canteen with a regular dialup account. The PC usually lasts a week max before it dies because of virii & trojans. And yes it does have anti-virus software on it. The users understand why Internet email is blocked when they see the state of the PC...:cool:

ro2

zuma wrote:

Is such software available and will it work?

The last time I checked not everone has the same skin colour.....black,brown,sandy,pinkish,whiteish...etc!!!
Using such software may...not work as intended and could end up blocking a hell of a lot more than porn sites!!!

You can do it with Mailsweeper - http://www.clearswift.com/

Capt'n Midnight

Stephen wrote:

I think people on dialup at home with their laptops and no firewall are a far greater threat than webmail, but c'est la vie.

Yeah you'd need to remove FDD/CD/DVD/Modem/WiFi/Disble uPNP/Disable USB in BIOIS / Password BIOS / install AV and local firewall to even begin to feel semi secure.

Sponge Bob

zuma wrote:

Using such software may...not work as intended and could end up blocking a hell of a lot more than porn sites!!!

porn yes, Gavin Henson is a notable 'side effect'