RE: Survey: Chat and IM

[ChristopherShorter () westfieldgrp com]

We've implemented Lotus Notes "Sametime".  Lotus Notes itself encrypts
messages and Sametime (Lotus' version of  IM and Net meeting combined)
conducts an encrypted session. We're actually conducting desktop video /
meetings with this product also.


                                                                                                                   
                    "Robinson,                                                                                     
                    Sonja"               To:     'tony toni' <tony572001 () hotmail com>,                             
                    <SRobinson@HIP        "'security-basics () securityfocus com'"                                    
                    USA.com>              <security-basics () securityfocus com>                                      
                                         cc:                                                                       
                    11/26/2002           Subject:     RE: Survey: Chat and IM                                      
                    11:00 AM                                                                                       
                                                                                                                   
                                                                                                                   




Absolutely not.  Any Internet based IM goes out of your network nd across
the Internet.  BAD, BAD, BAD.  Now, there are some NEW products that allow
for INTERNAL IM, AOL, Honey-something I think and MS to name a few. This we
are investigating.  Also, it allows for a direct connection betrween the
two
PC's so there are some other tunneling issues, FTP allowed, etc that are
problems since it cicumvents the firewall.

Just because something is common place does NOT mean it is the wise thing
to
do.

> -----Original Message-----
> From: tony toni [mailto:tony572001 () hotmail com]
> Sent: Thursday, November 21, 2002 4:03 PM
> To: security-basics () securityfocus com
> Subject: Survey: Chat and IM
>
>
>
> Hi,
>
> We currently are allowing web based chat and instant
> messaging.  I know that
> there are lots of security issues involved with its usage.
> The IT folks are
> telling me that it is a common practice in the industry.  I
> have a hard time
> believing this and this is one battle I would like to take on.
>
> QUESTION:  DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT
> MESSAGING?  If
> this was a battle you fought, could you please give me some
> ideas on how you
> won the battle.  Any good articles/white papers that could support my
> position?
>
>
> Toni CISSP, CPA
> Security Services
> NW Mutural Banking LTD
>
>
>
>
> _________________________________________________________________
> Help STOP SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail


**********************************************************************
This message is a PRIVILEGED AND CONFIDENTIAL communication, and is
intended only for the individual(s) named herein or others specifically
authorized to receive the communication. If you are not the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If you have received
this communication in error, please notify the sender of the error
immediately, do not read or use the communication in any manner, destroy
all copies, and delete it from your system if the communication was sent
via email.




**********************************************************************