IM Instant Messaging Security

In summary, we recommend that you always take a best-practices approach to mitigating IM security threats. Some of the critical IM security best practices are to establish a corporate IM usage policy; encourage users not to send confidential information over public IM systems; properly configure corporate firewalls to block unapproved IM traffic; deploy private corporate IM servers if possible to isolate your corporate messaging systems from the outside world; enforce client-side IM settings (e.g., refuse file transfers by default); install patches to IM software as soon as possible; and use vulnerability management solutions to ensure IM client policy compliance. Both corporations and home users should deploy a desktop firewall or an integrated antivirus/firewall on all desktops. Such a firewall can help block the use of unapproved IM programs and potentially prevent attacks to and from these systems.
See URL http://www.cert.org/incident_notes/IN-2000-07.html.