>The messages are usually smaller than e-mail. And > no they aren't insecure (well besides the gaping hole AIM just patched). A > stateful firewall or CBAC can stop session hijacking.
It is the statement like this that makes me almost fall off my chair. What planet are you coming from? What make you think that these IM is secured (excluding the gapping hole in AIM). Remember, you have to connect the client to an external IM server, the information is traveling in "clear text" including your username and password. What makes you think that these IM servers are secure? Furthermore, your communication can be monitored by a third party. CBAC or stateful Firewall can not prevent this because your session is being monitored on the IM servers. There is nothing that your firewall can do. If hackers successfully hack the IM servers, consider your conversation available to everybody else. The best way to secure communication is running IM over Secure Socket Layer (SSL). I've been using jabber over SSL for a few months now and it is working great. You want something secure, build your own jabber server, run the service over SSL and have your buddies to connect to your jabber IM server for secure communication. Jabber server is a freeware available on Linux platform. ----- Original Message ----- From: "Steven A. Ridder" To: Sent: Sunday, January 06, 2002 11:38 AM Subject: Re: How to block MSN, and others. [7:31057] > I can't imagine the problem with Messenger apps. I feel that instant > communication can be handy at times. Sometimes I hate waiting for an e-mail > response, and a messenger service fits that niche nicely. And no, they > don't waste bandwidth. The messages are usually smaller than e-mail. And > no they aren't insecure (well besides the gaping hole AIM just patched). A > stateful firewall or CBAC can stop session hijacking. > > I don't use instant messaging at all (except for e-bay alerts and traffic > updates) but I see huge potential for IM and I bet that messaging will only > get more ubiquitous as the years go by. So try and live with it instaed of > fighting it all the time. > -- > > RFC 1149 Compliant. > > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31066&t=31057 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
