Security Basics mailing list archives
RE: ICQ Corporate Security Risks
From: <adisegna () siscocorp com>
Date: Mon, 14 Mar 2005 13:25:13 -0500
I just wanted to introduce some questions: Are you currently logging all the traffic and conversations? I'm not familiar with the ICQ server. Can traffic be encrypted? Can you configure chat only, no URLs or files? Why not use webmail? Thanks AD Information Technology Group -----Original Message----- From: Andrew Aris [mailto:andrew () dev bigfishinternet co uk] Sent: Monday, March 14, 2005 5:34 AM To: security-basics () securityfocus com Subject: ICQ Corporate Security Risks Hi guys, Just looking for a quick sort of straw poll really, my company runs an internal ICQ corporate server for internal IM and we occasionally have people who are out on the road who need to communicate with people back at the office, the current method is to VPN in to the XP Pro box that hosts the ICQ and connect to it that way, however the drawbacks of this are that a) only one person can do it at any one time b) sending ICQ messages is clunky as you have to wait for the direct connection attempt to time out and then "send through server". The proposed solution is to open the ICQ port on the firewall and then port forward to the appropriate machine thus solving both the problems. My question is how great a security risk do people think this would be? cheers, Andrew
Current thread:
- Re: Any remote client - without fixed IP, (continued)
- Re: Any remote client - without fixed IP Kieran Combes (Mar 16)
- Re: Any remote client - without fixed IP Raoul Armfield (Mar 16)
- Re: Any remote client - without fixed IP Vinay Patel (Mar 16)
- Re: Any remote client - without fixed IP Vinay Patel (Mar 16)
- RE: Any remote client - without fixed IP Burton Strauss (Mar 16)
- Re: Any remote client - without fixed IP André Gil (Mar 16)
- IUSR issue after patch hartmann (Mar 17)
- RE: IUSR issue after patch dave kleiman (Mar 17)