Protect Your Network From Instant Messaging Risks

One of the computing's greatest hidden dangers is instant messaging. Here's how to make sure you and your network stay safe when using IM.
Publish date:
Social count:
One of the computing's greatest hidden dangers is instant messaging. Here's how to make sure you and your network stay safe when using IM.

Courtesy of Networking Pipeline

Business users are clamoring for IM, but many network architects turn a cold eye to it because of security dangers such as worms, spam, phishing attacks, unauthorized release of sensitive data, etc. Yet, according to a December 2005 Gartner report, by 2010, 90 percent of business users with business e-mail accounts will have IT-controlled IM accounts.

"As IM traffic becomes increasingly higher in volume and potentially higher in value, organizations will need to adopt 'enterprise class' IM technologies as well as IM hygiene (security) services to ensure efficient, integrated, reliable and secure use of IM technologies," the report notes.

Here's 11 steps to help make sure people on the network get the most out of IM, but without the dangers.

  1. Use Microsoft's Live Communications Server software, recommends Patrick Verhoeven, group manager, IT solutions product management for Verizon Communications, Inc. ( The Microsoft application includes a filter that tracks network usage. By tracking network usage, companies can tell if there's unauthorized use of IM.
  2. Use a hosted IM service, adds Verhoeven, whose company launched such a service (Verizon Hosted Secure Instant Messaging) in early April. A hosted IM service takes the much of the burden of keeping up with security off the shoulders of the client company and puts it on the host.
  3. Assign group policy rules to control instant messaging across the enterprise. Verhoeven, as well as several other experts, points out that most employees will use IM whether corporate policy permits it or not. But companies should be able to enforce the use of instant messaging.
  4. Enable content filtering and blocking. Just as content filtering and blocking help prevent viruses, worms and other malware e-mail from infecting the network via email, employing these technologies for IM provides similar protection, Verhoeven says.
  5. Log and audit IM conversations. This includes searching logs based on keywords, dates, participants, protocols or some combination of these factors. Such logging and auditing should be reviewable by an authorized reviewer as well as the IM user for any specific message. There should also be an defined retention period to store this information, according to Verhoeven.
  6. Use a proxy to provide a gateway to communications. Jose Nazario, senior engineer at Arbor Networks (, says that such a gateway provides a middle point between communication endpoints and can include security applications to detect malicious content in IM messages.
  7. Limit IM to the company intranet. This helps ensure that only known users are sending and receiving IM, says Chris Bellomy, president and founder of Plan B Email Services ( This puts all IM behind a logical firewall. It limits the use of IM to known users, but limits the advantage of IM, Bellomy admits, because some users might have legitimate reasons (i.e., sales messages to prospects or customers) to use IM outside of the company for corporate purposes.
  8. Treat IM like e-mail. Corporate policies regarding usage, use of firewall, anti-malware applications and other precautions should be no different for IM than for e-mail, says Sanjay Beri, director of product management, security products group, Juniper Networks,,
  9. Enforce IM policies. Simply having a corporate policy without actual enforcement does the enterprise little good, Beri says. This means using technology to deny IM usage from any PC or laptop that doesn't have the latest security applications (anti-virus, Microsoft security updates and similar applications and patches).
  10. Use the XMPP standard. The Extensible Messaging and Presence Protocol (XMPP) is the Internet Engineering Task Force's formalization of the base XML streaming protocols for instant messaging and presence developed within the Jabber Software Foundation ( starting in 1999. This standard enables the enterprise to customize the way that instant messaging works within the organization, Beri says. Therefore every connection for IM, e-mail, etc., can be authenticated. Unauthorized connections aren't allowed, limiting the chance of IM producing security problems.
  11. Don't permit use of encryption in IM. If a user's is encrypting IM messages, the monitoring system can't determine if the IM is legitimate or if it's sending out corporate secrets or contains other unauthorized communication, Beri says.



Instant messaging does not work at school

Question: I need to use iChat videoconferencing software to make video connections with a classroom in another state, but for some reason I cannot connect at school as I can from my cable modem at home. What is the problem? The IT Guy says: Most likely your district IT department has set up your school network so

Protecting Your Digital Privacy

Listen to this podcast From banks to school districts to the Veterans Administration, every other week, we hear about some other individual who has jeopardized confidential information for millions of people. This article is about how YOU can maintain your digital privacy on your computer. Consider these

Instant Messaging over port 80

Question: Our school district has instant messaging blocked, but we have several teachers who want to participate in a collaborative project with educators in another state who use instant messaging frequently. Is there a way they can use instant messaging when it is blocked by our district? The IT Guy

Wireless Networks and Health Risks

Question: Do wireless networks in schools pose health risks for students and teachers? The IT Guy says: A recent court case in Illinois ( has caught headlines and raised fears about wireless networks posing health risks. I have wondered myself about all the invisible signals

Secure Your Wireless Network

Imagine a completely wireless school, an open network in which all students and staff can roam around using laptops or handheld computers to browse the Internet, access files and applications on the school server, and communicate with each other and the world via e-mail. It's a great picture — and at some

Live From NECC: Instant Grading promo image

Live From NECC: Instant Grading

GradeCam Corporation introduces GradeCam, software which, when paired with an affordable web or document camera, allows classroom teachers to assess student learning instantly by scanning and grading multiple choice tests

Protecting your IT investment

Winston Salem Forsyth is the fifth largest school system in North Carolina with about 51,000 combined students in its 40 elementary, 15 middle and 11 high schools. The Computrace® software will be used on over 25,000 computers.The Computrace solutions address