Public IM systems are notorious for leaving the door open to malevolent actions. Instant Messaging, though well-loved by many for its ease of use, has had a hard time finding favor with those in charge of network security.
"IT wants to be able to implement their own corporate namespace within the IM system. Anyone can call themselves 'Blackcrow555' and it's not very conducive to a professional namespace. There is a need to have some control over who can send and receive messages via IM, but an even bigger need to encrypt the files that are being sent. File transfers often involve corporate intellectual property, so these files must be encrypted on the interchange."
There is a need for an IM system that is easy to implement, as it's apparent that IT does not have time to oversee all the keys and authorizations as well as authentication. Validian's SIM system is entirely self-managed with automatic key exchange; the keys are self-contained, so there is no need for a third-party authentication authority, even if the system is certificate-based.
"All of the requirements put together make for a very complex IM system that can be installed by a single user in a matter of minutes and in an entire organization in less than half a day," says Maisonneuve.
Users are authenticated either through Validian's Domain Controller or a Private Corporate Domain Controller, depending on the situation. By linking the Domain Controller with corporate user databases, IT administrators can oversee the approved user lists and file transfer privileges. However, there is no central server that messages travel through; communication takes place only via peer-to-peer transactions. Before two parties can communicate, the sender must be accepted by the message recipient. This is done through an "Allow or Deny" pop-up window. Once users have authenticated themselves and agreed to communicate with one another, their status is stored on each other's contact lists for future use.
The SIM client can be downloaded from Validian's website. Should colleagues at different organizations need to Instant Message one another, they can do so if IT has authorized both Domain Controllers to converse with one another. Permissions can be narrowed further to individual people at different organizations who are allowed to send secure IM. For example, two CFOs may communicate with one another if both parties use the Validian environment.