Less Than Secure
Introduction Within the next few weeks, ServerWatch will offer links to reviews of instant messaging servers. For those not yet clear on the basics of instant messaging servers, we offer this overview compiled from articles previously published on CrossNodes.
The security concerns are legitimate. For an IM system to work, a user’s workstation must broadcast that it is on the network. Once two workstations connect, the conversation takes place across a virtual connection. Most IM systems currently do not support such security staples as authentication and encryption. This means that a hacker can intercept any exchange of information. An unauthorized person also can use an IM connection to access the corporate network and possibly introduce viruses. Further, IM exchanges typically are not logged, and this makes it impossible for corporate management to monitor and control the links.
However, much as IS managers complain, IM usage continues to grow.
Most IM systems operate as a proprietary application, but this is changing quickly. AOL is under a government mandate to communicate with other IM applications, and several vendors support the emerging Session Initiation protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE) standard. This proposed format enables users to use the Internet for voice exchanges and establish conferences. The momentum toward a more open IM standard will increase further with Microsoft’s IM support under its Windows XP operating system.