Security Basics mailing list archives

RE: Survey: Chat and IM

From: Chris Santerre <csanterre () MerchantsOverseas com>
Date: Wed, 27 Nov 2002 10:22:55 -0500

I had kicked around the idea. I wanted to control the IM or chat servers
internally and use encryption. I found a few products that do this, however
they are quite pricey. The ROI just wasn't there. So I dropped the idea for
now and saved headaches for the moment. I didn't find any good GPL product,
but I didn't look that hard. 

I would start by really trying to find out what exactly they want to do,
maybe there are alternatives.



-----Original Message-----
From: LEHMANN, TODD [mailto:TODLEH () SAFECO com]
Sent: Tuesday, November 26, 2002 1:07 PM
To: 'ONEILL David J'; security-basics () securityfocus com;
tony572001 () hotmail com
Subject: RE: Survey: Chat and IM


Every administrator I have ever met restricts that type of traffic because
it is a security risk and for bandwidth reasons. For instance, Yahoo
messenger maintains stale connections when the other person goes offline,
AIM has several buffer overflow exploits, and ICQ can be spoofed and
tunneled through. 

Todd Lehmann
Systems Analyst I
VPN Subject Matter Expert

-----Original Message-----
From: ONEILL David J [mailto:David.J.Oneill () state or us] 
Sent: Monday, November 25, 2002 1:56 PM
To: security-basics () securityfocus com; tony572001 () hotmail com
Subject: Re: Survey: Chat and IM

Good Luck ...  We got shot down in Flames, no matter how we packaged it.

David J. O'Neill
NEDSS - IS7
Parkway Bldg., 2nd Floor
Phone: (503) 378-2101 ext. 364
FAX:     (503) 378-2102

tony572001 () hotmail com 11/25/02 01:48PM >>>


Hi,

We currently are allowing web based chat and instant messaging.  I know that

there are lots of security issues involved with its usage.  The IT folks are

telling me that it is a common practice in the industry.  I have a hard time

believing this and this is one battle I would like to take on.

QUESTION:  DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING?  If

this was a battle you fought, could you please give me some ideas on how you

won the battle.  Any good articles/white papers that could support my 
position?


Toni CISSP, CPA
Security Services
NW Mutural Banking LTD




_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

Current thread:

Re: Survey: Chat and IM, (continued)
- - Re: Survey: Chat and IM Devdas Bhagat (Nov 26)
- Survey: Chat and IM tony toni (Nov 26)
  - Re: Survey: Chat and IM Johannes Ullrich (Nov 26)
  - Re: Survey: Chat and IM Jason Yates (Nov 26)
    - Re: Survey: Chat and IM Zinger (Nov 27)
    - Re: Survey: Chat and IM Sumit Dhar (Nov 28)
- Re: Survey: Chat and IM Chris Berry (Nov 26)
- RE: Survey: Chat and IM Robinson, Sonja (Nov 26)
- RE: Survey: Chat and IM LEHMANN, TODD (Nov 26)
- RE: Survey: Chat and IM ChristopherShorter (Nov 28)
- RE: Survey: Chat and IM Chris Santerre (Nov 28)
- RE: Survey: Chat and IM Kuriscak, Ronald (Nov 28)
- RE: Survey: Chat and IM John Canty (Nov 28)
- RE: Survey: Chat and IM ALBEE,RUSSELL. S FC2 (CV63 CS5) (Nov 29)