ABSTRACT

Instant messaging (IM) has moved from home to office, from a toy to an enterprise application. It has
become part of our social infrastructure and will become part of our economic infrastructure. Like most
technology, it has many uses, some good, some bad. It has both fundamental and implementation-induced
issues. This chapter describes IM and gives examples of its implementation. It describes
operation and examines some sample uses. It identifies typical threats and vulnerabilities, and examines
the security issues that IM raises. It identifies typical security requirements and the controls available to
meet them. Finally, it makes security recommendations for users, operators, enterprises, and parents.

Instant messaging, or chat, has been around for about 15 years. However, for most of its life, its use has
been sparse and its applications trivial. Its use expanded rapidly with its inclusion in America Online’s
service. For many children, it was the first application of the Internet and the second application of the
computer after games. Although many enterprises still resist it, it is now part of the culture. It is an
interesting technology in that it originated in the consumer market and is migrating to the enterprise
market. Like Web browsing before it, IM is entering the enterprise from the bottom up, from the user to
the enterprise.