Instant Messaging

Instant Messaging is a Global Communications Medium for Business and Consumers. 85% of organizations report that they use IM for business usage and there are a reported 400 million global IM users.
IM though does present a number of security issues. Unprotected IM is vulnerable to viruses and spam. In addition to this its ability to dynamically connect out over numerous ports (tcp 80/443 etc) to a number of various IM servers can make the process of blocking IM fairly difficult.
Within the IM landscape we group them within 3 groups:

  • Consumer IM Services - MSN, Yahoo etc
  • Enterprise IM Servers - Microsoft Communicator etc
  • Hosted IM Providers - Communicator inc, Parlano ( mainly used in financial companies. Allows for organization to organization rather then person to person based IM)

How IM works
Normal IM typically routes through a “Cloud Server” which is hosted by the IM Provider (such as Yahoo, MSN). Messages are routed through the cloud and then relayed out to the receiving user.


  1. User A will initiate the sign in process and establishment with the Cloud Server.
  2. After the connection has been established with the IM server user A logs in with their screename and password.
  3. User A connection information is also sent across such as (IP, port and status).
  4. Once received by the Cloud Server the Presence Phase will be initiated.
  5. User A submits a status request of the contacts within their buddy list.
  6. The Cloud Server will then query and update the Presence information.


  1. When user A goes offline or exits it will up send a message to the Cloud server indicating that they have terminated the session.
  2. The Cloud Server will update user A`s status to each person within user A`s contact list.
  3. After a period of time the server will delete the file containing user A`s session information.