Ali Tabasi wrote:
>
> Are there any security issues that I need to be concerned with
> allowing clients from behind the firewall to meet on a NetMeeting
> server out in the cloud?
Well, considering that NetMeeting (actually H.323) uses lots of
secondary channels, you're faced with the same problems as FTP.
That is, you may aswell consider your firewall to be a router.
It looks nice and tight when you port scan it, but as soon as
someone "knocks on the door" and nicely asks "Hello, Mr. Firewall,
I'm the H.323 Protocol, would you please have your H.323 proxy open a
connection from me to host 10.2.3.4 on the inside, port 139? And, oh,
by the way, don't look at what I'm sending, since it's probably just
audio data", your firewall will happily open that connection.
In other words: If you're the least bit worried about your
internal network security, DO NOT ALLOW H.323 FROM YOUR
INTERNAL NETWORK.
(And that goes for active FTP too. There, now I've said it again.)
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
