One of our clients recently asked for some guidance concerning Instant Messaging applications. Here are my thoughts on the subject:
There are several benefits that IM communication brings (namely giving a community bank an advantage over a larger bank). It may be that the rewards outweigh the risks. However, we must keep in mind that there are risks. IM has become an extremely popular attack vector. That said, there are ways that you can secure this method of communication, or at least minimize risk.
1. Set up standalone machines that are segmented from the internal network. This would allow you to minimize the risk of infecting your network.
2. Use web-based SSL-encrypted chat… accessible through your website. However, this option doesn’t offer the “personability” that a straight-up IM client would.
3. Use a third-party client. There is a client out there called Omnipod, which hooks into AOL’s network, but removes the ability for text/code to be executed through a chat window, thereby removing the vulnerabilities inherent in most IM clients.
4. A fourth option may be AIM Pro, though let me say this: I don’t know much about it. I have heard it is supposed to improve security, but I’m not familiar with how it will supposedly accomplish this, and I do not know if it can interface with the standard IM client that most customers will probably be using.