Sounds like you:
1. Understand the value of email
2. Have assessed the risk:
- "Known to be insecure and unauthenticated"
- "As long as...it is passing text"
- "Then we get into trouble"
3. Have applied reasonable controls:
- "Make sure your MUAs don't have those bugs"
- "or you filter out messages on your firewall"
So, from your statements, it appears that you have made some assessment of
risk and balanced that against the value this application provides. Good for
you. However, I don't think you are demanding the same level of
sophistication from your email controls that you seem to be demanding from a
T.120 proxy.
> Until then, I'm glad to have you running NetMeeting in through your
> corporate firewall; the more people break into your net, the less time
> they are spending trying to break in to mine.
Obviously I don't feel the same as you regarding the risks involved with
doing this (and I assume you've read previous posts where I've outlined the
controls we've taken) so let's just agree to disagree.
However, I tend to take a different perspective. As long as you are not a
supplier of my company (and affecting my bottom-line) then I'm glad you are
NOT running NetMeeting between you, your suppliers, and/or customers.
Because it means that my company gets an advantage over yours by lowering
our costs and providing quicker time to market.
Larry
> > Based on this statement I assume that your organization only allows signed
> > and encrypted email? Or did your organization realize the incredible value
> > email provides, assess the risk, and apply reasonable controls to minimize
> > that risk?
>
> I'm not the person you were replying to, but I'll go ahead and jump into this
> thread.
>
> Like most organizations with responsible security staff, I enjoy supporting
> email, and wouldn't consider allowing NetMeeting through an internet firewall
> into the in-house net.
>
> Email is known to be insecure and unauthenticated. However, as long as the
> sole service it attempts to support is passing batches of text in and out,
> that's fine, and wonderfully useful. When well-intentioned persons hack in
> sexy stuff into their mail user agents, the "let random strangers run whatever
> they want on my machine if they send me the right kind of email", then we get
> into troubles; fortunately, all it takes is a bit of effort to track the lists
> reporting bugs of that sort, and make sure either (a) your MUAs don't have
> those bugs, or (b) you filter out the offending messages on your firewall.
>
> If a firewall proxy were available that allowed you to specify what H.323
> and T.120 services were going to be allowed from where to where, to
> specifically prohibit letting random strangers run arbitrary programs on
> "protected" machines, then NetMeeting would be a reasonable candidate in some
> circumstances.
>
> Until then, I'm glad to have you running NetMeeting in through your corporate
> firewall; the more people break into your net, the less time they are spending
> trying to break in to mine.
>
> -Bennett
>