Manage

How VPNs interact with instant-messaging applications

In this Ask the Expert, application security expert Michael Cobb reviews how an enterprise-wide VPN works and whether it encyrpts and protect instant-messaging communications.

Michael Cobb

I use my home PC (Windows XP Pro) to connect to my company's server through a VPN. I downloaded AOL Instant Messenger (AIM) to run locally for my own use. Does the VPN encrypt and/or protect my messages?

VPNs allow secure, encrypted connections between an organization's private network and remote users through a third-party service provider. The goal is to extend trusted relationships across the Internet, without sacrificing security. When a company's server is accessed through a VPN, the traffic between the user's PC and the server travels over the Internet using cryptographic tunnelling protocols to provide protection and security. If your company's VPN is configured to require that all IP traffic must pass through the VPN tunnel, then, all outside connections must pass through the company's firewalls. This ensures you have the same level of protection as you do when working at the office.

If you use an instant messaging (IM) service to connect with other Internet users who are not part of your corporate network, once your message leaves your network it be will be in clear text. It's important to note that it is unlikely your IM traffic will be allowed to travel through your company's firewall, because IM's are inherently insecure and I imagine that your company's VPN and firewall policies are set to only allow acceptable traffic. Since you installed AIM yourself, I assume your organization does not allow IM traffic through its firewall. If this is the case, you are connecting directly to the Internet and not through your company's VPN. Therefore, unless you have a desktop firewall, antivirus and antispyware software on your home PC, you put yourself at risk of attack and/or infection by malicious code.

While more recent versions of AIM allow you to digitally sign and encrypt your chat and file transfers by using a personal digital certificate, free Internet IM programs generally do not, therefore, you should never assume your IM conversations are completely secure. On a final note, to be safe, I would first check with your network administrator to determine whether you are allowed to install and run programs such as AIM on a PC that is used to connect to the company network.

More Information

Test your knowledge of IPsec and SSL VPNs with this quiz.

Have an application security question from Michael? Submit your question here.

This was last published in February 2006

How VPNs interact with instant-messaging applications

In this Ask the Expert, application security expert Michael Cobb reviews how an enterprise-wide VPN works and whether it encyrpts and protect instant-messaging communications.

Dig Deeper on VPN security

What to know about VPN termination

How to secure enterprise instant messaging

What firewall controls should be placed on the VPN?

DMVPN configuration: Should a firewall be between router and Internet?

Related Q&A from Michael Cobb

The risks and effects of spyware

Symmetric vs. asymmetric encryption: Decipher the differences

How to prevent software piracy

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Privacy-preserving machine learning assuages infosec fears

How Azure, AWS, Google handle data destruction in the cloud

Multi-cloud security strategies rely on visibility, uniformity

SearchNetworking

How the cloud fractures application delivery infrastructure ops

Why network configuration templates are useful in automation

An automation-first approach enables network predictability

SearchCIO

Return-to-office plans stress safety, security, collaboration

6 cognitive automation use cases in the enterprise

5 digital transformation strategies embracing the new normal

SearchEnterpriseDesktop

Citrix microapps look to ease office reopening

VMware Workspace One unifies reshaped digital workforces

Macs to run on Apple silicon, leaving Intel behind

SearchCloudComputing

Review the top sessions from recent cloud conferences

Test your cloud knowledge: VMs vs. containers vs. serverless

Cloud lock-in fears aren't as prevalent as you might think

ComputerWeekly.com

Cops take out encrypted comms to disrupt organised crime

Between a cloud and a hard place: companies change applications tack

IR35 private sector reforms: Finance Bill vote denies further delays to April 2021 start date

Related Resources

Dig Deeper on VPN security

What to know about VPN termination

How to secure enterprise instant messaging

What firewall controls should be placed on the VPN?

DMVPN configuration: Should a firewall be between router and Internet?

Related Q&A from Michael Cobb

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.