Google
 

Saturday, August 23, 2008

Safe Instant Messaging - Ten tips to protect yourself while chatting online

Safe Instant Messaging

Ten tips to protect yourself while chatting online
 
Just like e-mail, instant messaging (IM) also poses security threats. In some ways, the threats are more severe in this case, because to use instant messaging, you have to bypass any firewall that you've installed on your machine. This means that potential threats, such as viruses, worms or Trojans already have a door that opens to your computer through the firewall. What's more, they also have a readymade list of your friends which they can use for further infection and propagation.
 
For instance, you could receive a message with a URL from a trusted source, while the URL may lead you to a Web page that contains malicious code, such as a Trojan. Within minutes, the URL will be sent from your instant message ID to your buddy list, with all your friends assuming that you've sent the link. If you or any of them click the URL, an infection is guaranteed. The same thing can also happen through file transfers, where the attachment may contain a Trojan, virus, or worm, or a combination of these.
 
Such malicious code can make a lot of mischief on your machine, such as stealing passwords and other personal information, using your machine in denial of service attacks, configuring your hard disk to share all your files, and so on.
 
It's essential, therefore, to be very careful while using instant messaging. Here are some things you can do for your protection.
 
  • Speak only to known people
    Instant messaging should ideally be used only to speak to people who are on your Contacts list. Making contact with a stranger over chat is fraught with risks, as you don't know the other person's intentions or why he or she wants to chat with you. Chatting in public rooms also pose a similar risk. When you receive chat invitations, you should be careful of who you add to your contacts or friends or buddy list. Add only those people whom you know well and trust; and accept invitations to be added to the contacts' or friends' lists of only such people.
     
  • Be wary of links and downloads
    If you receive an image, link or other files over IM, first confirm that they are from someone you trust. You should never download anything or click a link sent by strangers. The second step is to confirm with the senders if they have sent anything—if it's a malicious file or link that used the sender's ID to propagate itself, your friend won't know anything about it.
     
  • Be secretive of personal information
    You should not give your name or email ID in areas such as public chat rooms. It's also advisable not to disclose personal information such as telephone numbers, passwords, bank account or credit card numbers in IM conversations, even if you're talking to someone you know. Most IM service providers don't ask you for personal information. So, if you get a message professing to be from the service provider and asking you to 'verify' your ID or password, you can be sure that it's fake and a security threat. Ignore such messages.
     
  • Create good screen names
    Ideally, your screen name for IM should not give out personal information like your name or email ID. Using a nickname is much safer.
     
  • Be careful on public computers
    If you use IM at a cyber café, don't use the option of logging on automatically. Otherwise, your information will be visible to people who use the computer after you.
     
  • Never respond to unsolicited messages
    If someone is sending you unsolicited chat invitations or messages, you should not respond to them. Most IM applications give you the option to block senders—use that.
     
  • Advise your children about IM security
    Ensure that your children are safe while using IM. Advise them against responding to unsolicited messages, giving out personal information, and downloading files over IM. Speak to them about the threats of using IM and how they can use it safely.
     
  • Download and install updates
    Be sure to download and install any security updates provided by your IM service provider. These will help to plug any security loopholes in the application.
     
  • Avoid using IM at work
    Using IM applications at work puts not only you, but the entire corporate network at risk for infection. That's because most IM applications open a way through firewalls, which is risky. Therefore, try not to use IM at work, unless your employer has a corporate IM solution, policy and security measures in place.
     
  • Use encryption on corporate networks
    If a corporate wants to use IM, an instant-messaging application that enables encryption should be used. Several providers have such applications for corporate use. In addition, users should be aware of the security risks, and the corporate security policy should involve keeping IM logs to detect suspicious activity.

No comments:

Google