Re: ICQ Corporate Security Risks

["Steve" <securityfocus () delahunty com>]

Recommend a true corporate VPN, can likely benefit you in other ways as
well.  Can get a fairly cheap VPN appliance now-a-days that is secure.

STEVE
----- Original Message ----- 
From: "Andrew Aris" <andrew () dev bigfishinternet co uk>
To: <security-basics () securityfocus com>
Sent: Monday, March 14, 2005 5:33 AM
Subject: ICQ Corporate Security Risks


Hi guys,

Just looking for a quick sort of straw poll really, my company runs an
internal ICQ corporate server for internal IM and we occasionally have
people who are out on the road who need to communicate with people back at
the office, the current method is to VPN in to the XP Pro box that hosts the
ICQ and connect to it that way, however the drawbacks of this are that a)
only one person can do it at any one time b) sending ICQ messages is clunky
as you have to wait for the direct connection attempt to time out and then
"send through server". The proposed solution is to open the ICQ port on the
firewall and then port forward to the appropriate machine thus solving both
the problems.

My question is how great a security risk do people think this would be?

cheers,

Andrew