There are two schools of thought on allowing the use of public instant messaging (IM) and peer-to-peer (P2P) applications in the business enterprise. One, that I subscribe to, is that you just do not do it. There are too many risks that make it problematic, even if you feel they can be managed. Another school of thought says "sure, we can manage the risks associated with that". So enter into the discussion Paul Piccard's "Securing IM and P2P Applications for the Enterprise" (Syngress Press, 2005, 454 pages, ISBN 1597490172). While not being as complete as I would like it to be, it provides enough foundation information to suit the needs of either point of view.
The book is broken down into 16 chapters, with each chapter focusing on a specific piece of software or technology. Part I focuses on instant messaging. The first chapter gives an overview of the instant messaging "market", the players, and the risks of instant messaging. There is nothing groundbreaking here that is not covered in more depth and detail elsewhere, but it gives an effective overview. The remaining 6 chapters focus on the different instant messaging services/clients. An overview is provided on the architecture and protocols associated with the client. Also addressed are features, client information, security information and malicious code threats. Unfortunately, nowhere in the text does the author address user awareness and education, which are critical.
Part II of the book covers P2P Networks. These 5 chapters cover the major P2P clients, their history, how they work, and the threats to the enterprise. They do a much better job than they did in Part I, but again do not address user awareness and education. Part III covers Internet-Relay Chat (IRC), its history, how it works and security issues. In a way, I wish the author had just said up front to never allow IRC to be used in the enterprise. There are just too many risks beyond security associated with IRC.
Who Should Read This Book
This book should be read by anybody who wants to get a deeper technical understanding of IM and P2P applications. The author may have focused too much on technology, with not enough focus on policy development, user education, and awareness. It is for this reason that anybody who purchases this book should also buy Nancy Flynn's "Instant Messaging Rules" as a companion read.
The Scorecard
Par on an average Par 4.
Securing IM and P2P Applications for the Enterprise
This book is for system administrators and security professionals who need to bring now ubiquitous IM and P2P applications under their control. Many businesses are now taking advantage of the speed and efficiency offered by both IM and P2P applications, yet are completely ill-equipped to deal with the management and security ramifications. These companies are now finding out the hard way that these applications which have infiltrated their networks are now the prime targets for malicious network traffic. This book will provide specific information for IT professionals to protect themselves from these vulnerabilities at both the network and application layers by identifying and blocking this malicious traffic.
* A recent study by the Yankee Group ranked "managing and securing IM and P2P applications" as the #3 priority for IT managers in 2004
* The recently updated SANS/FBI top 10 list of vulnerabilities for computers running Microsoft Windows contained both P2P and IM applications for the first time
* The recently released Symantec Threat Assessment report for the first half of 2004 showed that 19 of the top 50 virus threats targeted IM or P2P applications.
Despite the prevalence of IM and P2P applications on corporate networks and the risks they pose, there are no other books covering these topics.