Instant Messaging

Instant Messaging is a Global Communications Medium for Business and Consumers. 85% of organizations report that they use IM for business usage and there are a reported 400 million global IM users.
IM though does present a number of security issues. Unprotected IM is vulnerable to viruses and spam. In addition to this its ability to dynamically connect out over numerous ports (tcp 80/443 etc) to a number of various IM servers can make the process of blocking IM fairly difficult.
Within the IM landscape we group them within 3 groups:

  • Consumer IM Services – MSN, Yahoo etc
  • Enterprise IM Servers – Microsoft Communicator etc
  • Hosted IM Providers – Communicator inc, Parlano ( mainly used in financial companies. Allows for organization to organization rather then person to person based IM)

How IM works
Normal IM typically routes through a “Cloud Server” which is hosted by the IM Provider (such as Yahoo, MSN). Messages are routed through the cloud and then relayed out to the receiving user.


  1. User A will initiate the sign in process and establishment with the Cloud Server.
  2. After the connection has been established with the IM server user A logs in with their screename and password.
  3. User A connection information is also sent across such as (IP, port and status).
  4. Once received by the Cloud Server the Presence Phase will be initiated.
  5. User A submits a status request of the contacts within their buddy list.
  6. The Cloud Server will then query and update the Presence information.


  1. When user A goes offline or exits it will up send a message to the Cloud server indicating that they have terminated the session.
  2. The Cloud Server will update user A`s status to each person within user A`s contact list.
  3. After a period of time the server will delete the file containing user A`s session information.
Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial