Best IM security appliance/Firewall

Posted on 2008-10-29
Last Modified: 2010-04-09
Dear Experts,

Organization size: 400 users
Currently using: Public MSN

I need some guidance in regard to choosing a corporate IM solution and the security that should go with it.

What we want:

- Able to avoid worms, poison URLs, viruses, etc.
- Control over the sessions in real time
- Monitor buddies/contact lists. To be able to remove/edit contact list once the user leaves the organization
- Force them to use user@organization as their sign on. Or mask it somehow
- Archive the sessions
- Encrypted sessions In and out of the network
- LDAP connectivity

1- If we get an IM security appliance, does it matter if I stay with MSN or if we switch to a solution such as the OCS client/corporate client?

2- Here is a list of vendors I found. I wonder how familiar you are with their appliances/software: 

Thanks and I appreciate your time and expertise,


Question by:JohnRamz
LVL 23

Expert Comment

ID: 22835023
I would suggest MS OCS for the expandability and integration into your AD network along with interaction with Office and other MS applications.


Expert Comment

ID: 22835021
Check the products from St Bernard...

Expert Comment

ID: 22837896

LVL 38

Expert Comment

by:Rich Rumble
ID: 22837959
For security, it's Jabber.
Jabber has been adopted by AOL, Google and others, Cisco has also acquired Jabber, however, Jabber is encrypted all the way via TLS.
It can also be used for intranet IM'ing as well as public messaging. While you cannot easily monitor your users on the wire, if you're an admin you can certainly audit the user's PC. The nature of encryption negates making it easy to eavesdrop or snoop on traffic/messages. JabberNow is an appliance that integrates with AD and makes setup a cinch. Using such an appliance you can in fact archive conversations: Message Archiving and Reporting for Compliance

Author Comment

ID: 22840431

The thing about Jabber is that our organization has about 400 people and JabberNow can be licensed for up to 200 people. I also do not know if it is a good idea to commit to a company that is in a transition period.
LVL 38

Expert Comment

by:Rich Rumble
ID: 22840762
That's the appliance, the protocol is open and you can run your own server, see as opposed to .com. There is an app called BanderSnatch that can log all conversations that pass through your jabber server,
I've just tried it out and it works very well! Even logs conversations from my Gmail to my internal, so I might have to do more research and testing to see if my clients would also benefit from it... learn something every day...

Author Comment

ID: 22841830

Our main goal is to prevent worms, viruses, phishing, poison URLs and so on. I do not see how running my own open source Jabber server could prevent that. Once the users start chatting with Yahoo, MSN users we would still be exposed to all the threats.


LVL 23

Expert Comment

ID: 22841982
One of the reasons I mentioned OCS was because if it's working behind an ISA server then you will have additional controls to better secure OCS.

Google "OCS and ISA" and you will see several articles on securing OCS with ISA
LVL 38

Expert Comment

by:Rich Rumble
ID: 22842132
Users will find a way to infect you still, and if they can't use their preferred IM clients, they will install their own. Users should not be local admins of their machines; that will stop 98% of viruses from spreading right there.
And even then, users will visit,,, and use the online versions... so mitigation via user access rights is probably the best overall change you can do. When our company locks users down, moving them from the admins to the users group, and they can no longer install or use the software they preferred, they always visit sites like Meebo etc., and while they do not get infected with spyware or viruses they do tend to get BHOs (browser helper objects) in IE, like the Vundo virus. We move them to Firefox and we don't have to worry about viruses much at all. For phishing, there is no IM client or software that is even 80% accurate... Google however is pretty good about marking sites as phishing and spyware, and Firefox happens to use the Google Safe Browsing API... It's one of the best defenses we've used and it's free. We've demo'd Sophos, WebWasher, SafeSquid, WebSense and on and on... they aren't as up to date as Google is when it comes to marking sites. Sophos has since started using the Google SB API in addition to its own heuristics.
Security is a process, not a program. I hope this helps.


Author Comment

ID: 22960658

That is great advice and I appreciate you being so honest and educational at the same time. Since you started the subject, how can I get around this if for our main proprietary program to run on each computer local admin rights are needed? This is a company that develops software and about 70% of the users need to install this app and run it to test before it goes out to our customers.

Could they just be Power Users? I do not even know the main difference between this kind of user and local admins.

LVL 38

Accepted Solution

Rich Rumble earned 500 total points
ID: 22966798
You can use Runas, and you can also try to figure out if Power User can in fact give your users enough rights to run/install the apps.
Power Users can:
- Install and remove applications per computer that do not install system services.
- Customize system-wide resources (for example, System Time, Display Settings, Shares, Power Configuration, Printers, and so forth).

Power Users are not allowed to access other users' data stored on an NTFS partition.
In practice, Power Users cannot install many legacy applications, because these applications attempt to replace operating system files during the setup process.
