Microsoft touts Live Communications Server for securing IM

Opinion
Sep 28, 20053 mins

* Microsoft shows the way to secure IM

Instant messaging – to some network managers it’s the devil’s tool. It eats up bandwidth while contributing to a downturn in productivity they say. Others think it’s a security minefield, where the unwary risk having viruses and other malware surreptitiously added to their users’ desktops and, worse, their network servers.

Banning IM doesn’t seem to work. Plugging ports in the firewall keeps people from IMing across security borders, but does nothing to stop them internally. Worse, all these measures take time and effort to maintain while causing ill-feeling among the users. Most users don’t think much of the IT department to begin with – why give them more reasons to complain? But you do need to control that traffic, don’t you?

According to a Microsoft white paper, “Securing Enterprise Instant Messaging with Live Communications Server 2005,” : “…the implementation of [IM] systems in many enterprises has occurred in a disorganized manner, driven by ad hoc adoption of public instant messaging networks by employees… From a business integrity and security standpoint, this adoption is troublesome because public instant messaging networks are driven by a need for open conversation with little thought to underlying security requirements.” So what can you do?

As you may have guessed from the title of the white paper, Microsoft thinks that it’s Live Communications Server (LCS) might just be the answer to your dilemma.

LCS is an outgrowth of an IM client that was introduced in Exchange 2000. This is the second iteration of LCS, the first being released in 2003 (as LCS 2003, of course), and was designed from the ground up with security and manageability in mind.

Microsoft claims that there are a number of security problems inherent in public IM networks:

* The difficulty of monitoring or blocking client-to-client file transfers, giving attackers an easy route to send malicious code directly to internal machines.

* The existence of security vulnerabilities in the IM clients themselves.

* The ease with which an eavesdropper can capture IM session data by monitoring it as it transits the public network.

* The difficulty of providing adequately secure communications between users inside an organization and business partners or customers outside it.

Not surprisingly, Microsoft claims that LCS overcomes all of these problems with several security and reliability features, including enhanced encryption at both the client and server, strong authentication between clients and servers, secure federation, and advanced compliance and logging.

In addition, LCS provides what Redmond refers to as “enterprise-grade” manageability (most public IM have none at all) by being integrated with the Windows Server System platform providing a number of benefits, including single sign-on, policy-based management, as well as management through familiar, extensible Windows tools.

If IM is a problem on your network, or if you feel that IM could (if used properly) benefit your enterprise, then you should read the white paper and then decide if LCS 2005 would be a plus in your network.