Home page logo
/

basics logo Security Basics mailing list archives

Re: Survey: Chat and IM
From: Zinger <zinger () zinger org>
Date: Wed, 27 Nov 2002 01:41:39 -0500

We use the AIM protocol (although with some restrictions - no inbound file transfers - and Trillian, which supports encryption), and it's a valuable part of our business tools. If we were to remove this feature, it would be a noticeable detriment to employee's productivity. The most important consideration with every security restriction is vulnerability vs functionality. My company is an ISP, if I were responsible for the security of a financial organization, I'd lock everything down as tightly as possible.
Something to think about is setting up an internal IM server as a compromise.

- Z



> Hi,
>
> We currently are allowing web based chat and instant messaging.  I know
> that there are lots of security issues involved with its usage.  The IT
> folks are telling me that it is a common practice in the industry.  I have
> a hard time believing this and this is one battle I would like to take on.
>
> QUESTION:  DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING?
> If this was a battle you fought, could you please give me some ideas on how
> you won the battle.  Any good articles/white papers that could support my
> position?
>
>
> Toni CISSP, CPA
> Security Services
> NW Mutural Banking LTD



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]