Re: aol/aol instant messenger

[James Croall <james () foo org>]

> what is your opinion on letting aol and/or aol instant messenger through
> a firewall.  please assume there is, at least, some business 
> justification for its use.

AOL Instant Messenger seems pretty safe, for the most part. Out of the
box it'll run through most firewalls, using an SSL "proxy" or an HTTP
proxy. Most of it's dangerous features (the Rendesvouz (sp?) chat and
file transfer) won't work without more liberal rules on the firewall.

A lot of sites have "no ICQ" and "no AIM" policies, but I can't say I
know many users who abide by them. It's just to easy to run it through
a firewall.

The complete AOL service, on the other hand, is a bit riskier :-) The
software establishes an IP tunnel between the user's desktop and AOL,
creating a nice back door into your network. There's some code around
here that can block access to the IP Tunnel through your firewall, but
I don't know of any commercial products that have such features.

- James