ABSTRACT
Instant messaging (IM) has moved from home to office, from a toy to an enterprise application. It has
become part of our social infrastructure and will become part of our economic infrastructure. Like most
technology, it has many uses, some good, some bad. It has both fundamental and
implementation-induced issues. This chapter describes IM and gives examples of its implementation. It describes
its operation and examines some sample uses. It identifies typical threats and vulnerabilities, and examines
the security issues that IM raises. It identifies typical security requirements and the controls available to
meet them. Finally, it makes security recommendations for users, operators, enterprises, and parents.

Instant messaging, or chat, has been around for about 15 years. However, for most of its life, its use has
been sparse and its applications trivial. Its use expanded rapidly with its inclusion in America Online’s
service. For many children, it was the first application of the Internet and the second application of the
computer after games. Although many enterprises still resist it, it is now part of the culture. It is an
interesting technology in that it originated in the consumer market and is migrating to the enterprise
market. Like Web browsing before it, IM is entering the enterprise from the bottom up, from the user to
the enterprise.