1999-03-20-00:52:28 Larry Cannell:
> > just my 2 cents but it really does not matter how much perceived
> > value is obtained buy netmeeting if one can't rely on the integrity
> > of the data that is being transmitted period. that is the point and
> > since netmeeting is inherently insecure any data streamed via it is
> > unreliable period.
>
> Based on this statement I assume that your organization only allows signed
> and encrypted email? Or did your organization realize the incredible value
> email provides, assess the risk, and applied reasonable controls to minimize
> that risk?
I'm not the person you were replying to, but I'll go ahead and jump into this
thread.
Like most organizations with responsible security staff, I enjoy supporting
email, and wouldn't consider allowing NetMeeting through an internet firewall
into the in-house net.
Email is known to be insecure and unauthenticated. However, as long as the
sole service it attempts to support is passing batches of text in and out,
that's fine, and wonderfully useful. When well-intentioned persons hack in
sexy stuff into their mail user agents, the "let random strangers run whatever
they want on my machine if they send me the right kind of email", then we get
into troubles; fortunately, all it takes is a bit of effort to track the lists
reporting bugs of that sort, and make sure either (a) your MUAs don't have
those bugs, or (b) you filter out the offending messages on your firewall.
If a firewall proxy were available that allowed you to specify what H.323
and T.120 services were going to be allowed from where to where, to
specifically prohibit letting random strangers run arbitrary programs on
"protected" machines, then NetMeeting would be a reasonable candidate in some
circumstances.
Until then, I'm glad to have you running NetMeeting in through your corporate
firewall; the more people break into your net, the less time they are spending
trying to break in to mine.
-Bennett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
