Home > Ask the Security Experts > Application Security Questions & Answers > How VPNs interact with instant-messaging applications
Ask The Security Expert: Questions & Answers
EMAIL THIS

How VPNs interact with instant-messaging applications

Michael Cobb, featured expert EXPERT RESPONSE FROM: Michael Cobb, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 02 January 2006
I use my home PC (Windows XP Pro) to connect to my company's server through a VPN. I downloaded AOL Instant Messenger (AIM) to run locally for my own use. Does the VPN encrypt and/or protect my messages?


BROWSE BY TAG
Application Security,   Application and Platform Security,   IM Security Issues, Risks and Tools,   IPsec VPN Security,   Secure VPN Setup and Configuration,   Enterprise Network Security,   SSL and TLS VPN Security,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Application Security
Are Web application penetration tests still important?
What does 'invoked by uid 78' mean?
How secure are iPhone App Store mobile applications?
What security software should be installed on Internet café computers?
Are message stubs a secure part of email retention policies?
How does a Web server model differ from an application server model?
Can Google Earth and other mash-up applications threaten enterprise security?
Do European laws prevent a U.S. company from blocking spam?
Can one antivirus program be used to get rid of spyware?
How to prevent cross-site scripting (XSS) session hijacking

IM Security Issues, Risks and Tools
What are effective ways to stop instant messaging (IM) spam?
Secure messaging complications result in limited protection
Is it possible to ban chat programs on an enterprise LAN?
How to lock down instant messaging in the enterprise
AOL closes AIM attack vector, but risks remain
Researcher says AIM still vulnerable, AOL insists it's fixed
Serious security flaw in AOL Instant Messenger
Security flaws found in AOL, Yahoo IM programs
Flaw found in MSN Messenger
AOL, Yahoo, Trillian IM applications under threat

IPsec VPN Security
What is the difference between a VPN and remote control?
Can S/MIME, XML and IPsec operate in one protocol layer?
How to create a secure network through a shared Internet connection
What firewall controls should be placed on the VPN?
VoIP tools, attacks could increase threat
Best practices for processing financial data through remote servers
What ports should be opened and closed when IPsec filters are used?
DMVPN configuration: Should a firewall be between router and Internet?
How would you meet PCI requirement 2.3 when it comes to terminal service or RDP sessions?
How should the ipseccmd.exe tool be used in Windows Vista?
IPsec VPN Security Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
greynet  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


VPNs allow secure, encrypted connections between an organization's private network and remote users through a third-party service provider. The goal is to extend trusted relationships across the Internet, without sacrificing security. When a company's server is accessed through a VPN, the traffic between the user's PC and the server travels over the Internet using cryptographic tunnelling protocols to provide protection and security. If your company's VPN is configured to require that all IP traffic must pass through the VPN tunnel, then, all outside connections must pass through the company's firewalls. This ensures you have the same level of protection as you do when working at the office.

If you use an instant messaging (IM) service to connect with other Internet users who are not part of your corporate network, once your message leaves your network it be will be in clear text. It's important to note that it is unlikely your IM traffic will be allowed to travel through your company's firewall, because IM's are inherently insecure and I imagine that your company's VPN and firewall policies are set to only allow acceptable traffic. Since you installed AIM yourself, I assume your organization does not allow IM traffic through its firewall. If this is the case, you are connecting directly to the Internet and not through your company's VPN. Therefore, unless you have a desktop firewall, antivirus and antispyware software on your home PC, you put yourself at risk of attack and/or infection by malicious code.

While more recent versions of AIM allow you to digitally sign and encrypt your chat and file transfers by using a personal digital certificate, free Internet IM programs generally do not, therefore, you should never assume your IM conversations are completely secure. On a final note, to be safe, I would first check with your network administrator to determine whether you are allowed to install and run programs such as AIM on a PC that is used to connect to the company network.

More Information

  • Test your knowledge of IPsec and SSL VPNs with this quiz.
  • Have an application security question from Michael? Submit your question here.




    • Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts