
	Home > Ask the Security Experts > Application Security Questions & Answers > How VPNs interact with instant-messaging applications

Ask The Security Expert: Questions & Answers

EMAIL THIS

How VPNs interact with instant-messaging applications

EXPERT RESPONSE FROM: Michael Cobb, featured expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 02 January 2006
I use my home PC (Windows XP Pro) to connect to my company's server through a VPN. I downloaded AOL Instant Messenger (AIM) to run locally for my own use. Does the VPN encrypt and/or protect my messages?

VPNs allow secure, encrypted connections between an organization's private network and remote users through a third-party service provider. The goal is to extend trusted relationships across the Internet, without sacrificing security. When a company's server is accessed through a VPN, the traffic between the user's PC and the server travels over the Internet using cryptographic tunnelling protocols to provide protection and security. If your company's VPN is configured to require that all IP traffic must pass through the VPN tunnel, then, all outside connections must pass through the company's firewalls. This ensures you have the same level of protection as you do when working at the office.

If you use an instant messaging (IM) service to connect with other Internet users who are not part of your corporate network, once your message leaves your network it be will be in clear text. It's important to note that it is unlikely your IM traffic will be allowed to travel through your company's firewall, because IM's are inherently insecure and I imagine that your company's VPN and firewall policies are set to only allow acceptable traffic. Since you installed AIM yourself, I assume your organization does not allow IM traffic through its firewall. If this is the case, you are connecting directly to the Internet and not through your company's VPN. Therefore, unless you have a desktop firewall, antivirus and antispyware software on your home PC, you put yourself at risk of attack and/or infection by malicious code.

While more recent versions of AIM allow you to digitally sign and encrypt your chat and file transfers by using a personal digital certificate, free Internet IM programs generally do not, therefore, you should never assume your IM conversations are completely secure. On a final note, to be safe, I would first check with your network administrator to determine whether you are allowed to install and run programs such as AIM on a PC that is used to connect to the company network.

More Information

Test your knowledge of IPsec and SSL VPNs with this quiz.

Have an application security question from Michael? Submit your question here.

BROWSE BY TAG

Application Security, Application and Platform Security, IM Security Issues, Risks and Tools, IPsec VPN Security, Secure VPN Setup and Configuration, Enterprise Network Security, SSL and TLS VPN Security, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	Do Facebook URL security concerns justify blocking social networks?
	Is there a way to block iPhone widgets that bypass Web filters?
	Should enterprises be concerned with Twitter in the workplace?
	Are there still Google Desktop security problems?
	Can an IP spoofing tool be used to spam SPF servers?
	Will an application usage policy best control network bandwidth?
	How can URL-shortening services be manipulated?
	Is my security program ready for Web application firewall deployment?
	How to ensure the security of a shopping cart application
	When to use the service features of the Metasploit hacking tool

IM Security Issues, Risks and Tools

What are effective ways to stop instant messaging (IM) spam?

Secure messaging complications result in limited protection

Is it possible to ban chat programs on an enterprise LAN?

How to lock down instant messaging in the enterprise

AOL closes AIM attack vector, but risks remain

Researcher says AIM still vulnerable, AOL insists it's fixed

Serious security flaw in AOL Instant Messenger

Security flaws found in AOL, Yahoo IM programs

Flaw found in MSN Messenger

AOL, Yahoo, Trillian IM applications under threat

IPsec VPN Security

Best Remote Access Products

How to set up a split-tunnel VPN in Windows Vista

What is the difference between a VPN and remote control?

A short enterprise VPN deployment guide

From the ground up: Creating secure WLANs

Can S/MIME, XML and IPsec operate in one protocol layer?

How to create a secure network through a shared Internet connection

What firewall controls should be placed on the VPN?

VoIP tools, attacks could increase threat

Best practices for processing financial data through remote servers

IPsec VPN Security Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

greynet (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy