On 10 May 2001 10:26:13 -0400, Paul D. Robertson wrote:
> 1. "Among others" is one of the telling phrases. Not that any streaming
> protocol is particularly security friendly, including 323.

And what evidence do you have that any streaming protocol is a security
risk, since you harp on them?

> 2. Streaming media protocols aren't "proxied", they're passed.  

Oh?  Would you mind reading up on how H323 gatewaying works and come
back later?

> going to be a significant tunneling vector outside of HTTP and DNS, H.323
> will be the one.

And how do you propose that anything be proxied over H323?

> 4. Firewalls protect based on *blocking* traffic, not on passing it.

Yes, by setting DENY all data on my machine, I'm much happier.  I can't
send or receive E-mail or browse the web.  The point of being connected
to the Internet is to enjoy its functionality _while_ remaining
sufficiently secure.  Security is not the end-all and be-all of every
company's existence.

> Interoperability is important because if you're
> relying on either proxy enforcement or protocol specifications for any
> measure of protection, then deviations change the evaluation.

I use OpenH323 software for Linux to talk to people on Netmeeting.  It
works.  That's my evidence.  If you don't know anything about the
protocols or software in question, why do you bother commenting?

>   Can I encrypt a video or audio call?
> 
>   No. When you use encryption you are forced into a "data only" mode.
>   Audio and video are disabled.

That would assume that you don't set up VPNs between your network and
the networks you want to conference with, then send your data over those
channels.  If your data isn't confidential and you want something as
private and secure as E-mail (which isn't either), then Netmeeting fits
the bill, even broadcast over the Internet.

> Whoops!  So much for completeness of implementation for security, so
> much for confidentiality of information passed over the 'Net...

You use E-mail, right?  Do you PGP encrypt everything you send to
associates?

> Doesn't sound all that standard to me, and the phrase "still requires some
> ports to be opened" should be a red flag.

Why?  If it didn't require ports to be opened, it either wouldn't be a
standard internet protocol (which use IP ports) or it would be tunneling
over some other less-secure protocol (like HTTP, God-forbid).

> You don't cover a sucking chest wound with a gauze bandage.  

You don't even know what the software does, so you diagnose it as a
chest wound?  
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]