Practically all messaging applications are hacking targets on your network. Given the proliferation and business dependence on e-mail, just about anything is fair game. Ditto with VoIP. It’s downright scary what people with ill intent can do with it.
With messaging systems, one underlying weaknesses is that many of the supporting protocols weren’t designed with security in mind — especially those developed several decades ago when security wasn’t nearly the issue it is today. The funny thing is that even modern-day messaging protocols — or at least the implementation of the protocols — are still susceptible to serious security problems. Furthermore, convenience and usability often outweigh the need for security.
Many attacks against messaging systems are just minor nuisances; others can inflict serious harm on your information and your organization’s reputation. Malicious attacks against messaging systems include the following:
- Transmitting malware
- Crashing servers
- Obtaining remote control of workstations
- Capturing information while it travels across the network
- Perusing e-mails stored on servers and workstations
- Gathering messaging-trend information via log files or a network analyzer that can tip off the attacker about conversations between people and organizations (often called traffic analysis or social network analysis)
- Capturing and replaying phone conversations
- Gathering internal network configuration information, such as hostnames and IP addresses
These attacks can lead to such problems as unauthorized — and potentially illegal — disclosure of sensitive information, as well as loss of information altogether.