RE: Looking for a discussion on IM

[Kevin Lundy]

Two things come to immediate mind:   1) Many IM clients allow for file transfer.  Depending on your overall security policy this in itself can be an issue.  Even if you allow people to transfer files, the IM client then becomes a point of security control.  For example, with AIM, it is supposed to ask the user if it is ok if their chat partner sends them a file.  How long do you think it will be before hackers manage to bypass that "confirmation"?  Further, then they bad-guys could then just send a backdoor program to the hard disk.  Or just pick up sensitive data from the computer.   2) There has already been at least one IM based virus - done by embedding malicious code in an icon smiley face.  This becomes another area where the anti-virus vendors have to keep up.    I'm sure there are other reasons as well, those are just the 2 that come to my mind before finishing my first cup of coffee. -----Original Message----- From: Clark, Steve [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 23, 2001 11:17 PM To: NT System Admin Issues Subject: Looking for a discussion on IM Hello,   I have been asked to research and potentially implement IM for a company to communicate internally as well as externally. However, I have always heard that IM was evil and to close it down ASAP. I would like to hear real world implementation concerns/ tips as well as the security issues associated.   Thanks in advance for your input.   Steve Clark Clark Systems Support, LLC AVIEN Charter Member "Who's watching your network?" www.clarksupport.com           301-610-9584 voice           240-465-0323 Efax   http://www.sunbelt-software.com/ntsysadmin_list_charter.htm http://www.sunbelt-software.com/ntsysadmin_list_charter.htm