Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.3  The Web
           9  2.3.3  Instant Messaging
                9  2.3.3.1  Vulnerabilities

Previous Topic/Section
Unauthorized Use of Internet IM
Previous Page
Pages in Current Topic/Section
1
Next Page
Lack of Logging and Audit Trails
Next Topic/Section

Lack of User Authentication

Additionally, there’s little in the way of authentication. In most cases, the IM program starts up when the user logs in. If the user walks away, they are still logged into the IM program and anyone can potentially walk up to their PC, click on a buddy within the organization’s accounting department, send a message asking for customer Jane Doe’s credit card number, and order themselves a nice new stereo from their favorite net electronics provider without the accounting clerk’s knowledge that the person who submitted the credit card number request was unauthorized to do it. (After all, in IM today, messages tend to be sent in text rather than by voice, so they lack even the primitive authentication mechanism we have with voice conversations, that of, “Does that voice sound like the person I expect to be talking with?”) As noted above, some solutions have started to address the need for user authentication via PKI, but commonly-available clients have yet to support authentication beyond, “If you know the user ID, and you know the password, you must be that user.”


Previous Topic/Section
Unauthorized Use of Internet IM
Previous Page
Pages in Current Topic/Section
1
Next Page
Lack of Logging and Audit Trails
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.