RE: Survey: Chat and IM

["LEHMANN, TODD" <TODLEH () SAFECO com>]

Every administrator I have ever met restricts that type of traffic because
it is a security risk and for bandwidth reasons. For instance, Yahoo
messenger maintains stale connections when the other person goes offline,
AIM has several buffer overflow exploits, and ICQ can be spoofed and
tunneled through. 

Todd Lehmann
Systems Analyst I
VPN Subject Matter Expert

-----Original Message-----
From: ONEILL David J [mailto:David.J.Oneill () state or us] 
Sent: Monday, November 25, 2002 1:56 PM
To: security-basics () securityfocus com; tony572001 () hotmail com
Subject: Re: Survey: Chat and IM

Good Luck ...  We got shot down in Flames, no matter how we packaged it.

David J. O'Neill
NEDSS - IS7
Parkway Bldg., 2nd Floor
Phone: (503) 378-2101 ext. 364
FAX:     (503) 378-2102

> > > tony572001 () hotmail com 11/25/02 01:48PM >>>

Hi,

We currently are allowing web based chat and instant messaging.  I know that

there are lots of security issues involved with its usage.  The IT folks are

telling me that it is a common practice in the industry.  I have a hard time

believing this and this is one battle I would like to take on.

QUESTION:  DOES YOUR COMPANY ALLOW WEB BASED CHAT AND INSTANT MESSAGING?  If

this was a battle you fought, could you please give me some ideas on how you

won the battle.  Any good articles/white papers that could support my 
position?


Toni CISSP, CPA
Security Services
NW Mutural Banking LTD




_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail