Toni, David... Have you (and your respective staffs) considered a compromise? I don't know precisely how widespread business IM use is, but it is an expanding market. If your end-users (and by extension, IT staff) see it as a business requirement, it seems to me that the "battle" has already been lost. Better to achieve some measure of control than to fight a battle that is doomed to failure.
There are a number of products on the market now that allow you to configure your own IM and chat servers that you can configure for internal use. If users perceive a business need for such a product, a reasonable measure of security can be achieved while still providing legitimate business functionality. Perhaps packaging it to the users (from both your group and the IT group) that we understand the need for such a tool, however due to security concerns, usage must be limited both in scope (i.e. business use only) and in location (i.e. no communication with external entities). Limit usage within the confines of your network (or at the least, VPN connections for remote users). That should help alleviate your concerns somewhat and allow IT to provide a tool that users consider useful for the business process. Hope this helps at least a bit. Charlie ONEILL David J wrote: > Good Luck ... We got shot down in Flames, no matter how we packaged it. > > David J. O'Neill > NEDSS - IS7 > Parkway Bldg., 2nd Floor > Phone: (503) 378-2101 ext. 364 > FAX: (503) 378-2102 > > >>> [EMAIL PROTECTED] 11/25/02 01:48PM >>> > > Hi, > > We currently are allowing web based chat and instant messaging. I know that > there are lots of security issues involved with its usage. The IT folks are > telling me that it is a common practice in the industry. I have a hard time > believing this and this is one battle I would like to take on. > > QUESTION: DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING? If > this was a battle you fought, could you please give me some ideas on how you > won the battle. Any good articles/white papers that could support my > position? > > Toni CISSP, CPA > Security Services > NW Mutural Banking LTD > > _________________________________________________________________ > Help STOP SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail > > > > > > > > > > > > > > > > > > > > > -- E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. --