I'm looking for a guide / howto on how to create a secure IM environment to be used in a university network of more than 1000 computers / devices and more than 40 000 users. I love the ease of use of Wildfire and how we got up and running with it within our small team, but before we plan or suggest a larger pilot case and test, I'm trying to do a little research on potential problems and common pitfalls.
Any comments and discussion would be helpful - and appreciated - as well as comments about how you have implemented IM in your organisation, and how you have balanced the need for security and available tools.
I'm going to talk about security in four different meanings:
1) security from the user's point of view
2) security of the IM-infrastructure
3) security of each and every piece within the infrastructure
4) security by IM policy
- Security from the user's point of view
Clients that store the user's password and/or logs of conversations on the hard drive can be a security risk. It should be easy and visually clear to the user how to clear all the private data from the client, whenever he/she wants to do it. If users are authenticated from the LDAP with their master password, a breach of security in saved passwords would compromise the user's whole account.
Within a conversation in an IM client, the user should be able to trust both the security of the infrastructure and the identity/identities of the other party/parties in the conversation. Web clients have made it reasonably easy to check the certificate of the server in an SSL connection - however, I haven't seen any Jabber client that would allow anything similar.
- Security of the IM-infrastructure
Certificates and TLS/SSL are only good if they are used in a way that really provides a secure infrastructure.
At the moment it feels that most of the clients do provide security for client - server communication, but provide few or no means whatsoever for users against man-in-the-middle attacks.
In my quick tests with Wildfire and different clients, only Psi complained about a self-signed certificate. And no client allowed the user to easily check the server's certificate.
I haven't yet studied server-to-server communications at all, but believe/hope that they are in order.
- Security of infrastructure components
Each server that users connect to should also be secured properly - as well as external resources like the databases they use. There are good instructions available on these subjects.
Policy and guidelines should force / help users to do the right thing. Use the proper secure client - even though it has fewer emoticons than something else - and know, just like with email, what can be said in messages that travel to the outer world.
Question about certificates: http://www.igniterealtime.org/forum/thread.jspa?threadID=24903&tstart=0
Post installation steps: http://www.igniterealtime.org/forum/thread.jspa?messageID=138111&#138111
Any comments would be appreciated, thank you.
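
The check the post says clients do not offer, fetching the server's certificate over XMPP STARTTLS and comparing its fingerprint with one obtained out of band, as an added example that is not part of the original post. The function names are hypothetical, and the code assumes the server uses the usual `stream:` prefix in its stream features.

```python
import hashlib
import re
import socket
import ssl
from xml.sax.saxutils import quoteattr

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"


def sha256_fingerprint(der_cert):
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(der_cert, pinned):
    """True if the certificate matches a fingerprint obtained out of band."""
    wanted = re.sub(r"[\s:]", "", pinned).upper()
    actual = sha256_fingerprint(der_cert).replace(":", "")
    return actual == wanted


def _read_until(sock, pattern, limit=65536):
    """Read plaintext stream data until the regex matches, with a size cap."""
    buf = b""
    while not re.search(pattern, buf):
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError("stream ended before %r" % pattern)
        buf += chunk
    return buf


def fetch_xmpp_certificate(domain, host=None, port=5222, timeout=10.0):
    """Negotiate XMPP STARTTLS and return the server certificate as DER."""
    ctx = ssl.create_default_context()
    # Validation is off only to retrieve a self-signed cert; trust comes from matches_pin().
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host or domain, port), timeout) as raw:
        raw.sendall(("<stream:stream xmlns='jabber:client' xmlns:stream="
                     "'http://etherx.jabber.org/streams' to=%s version='1.0'>"
                     % quoteattr(domain)).encode())
        if TLS_NS.encode() not in _read_until(raw, rb"</stream:features>"):
            raise ConnectionError("server does not offer STARTTLS")
        raw.sendall(("<starttls xmlns='%s'/>" % TLS_NS).encode())
        _read_until(raw, rb"<proceed[^>]*>")
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert(binary_form=True)
```

The pinned fingerprint has to reach users through a separate channel, such as a printed notice or the university's HTTPS site, so the comparison is not made against a value an interceptor could supply.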