Educause Security Discussion mailing list archives
Re: IP Videoconferencing
From: Ron Parker <rparker () BRAZOSPORT EDU>
Date: Wed, 5 Nov 2003 10:55:32 -0600
If you do NAT at your firewall, or the other end does it, you may have some issues. We don't use NAT but a local school district did and we had problems talking to them. The H323 protocol embeds the actual IP address of the endpoint in the packets so the remote site tries to talk to an IP which is probably NATed. Some vendors have fixes for this. I know that Checkpoint and Polycom both have ways to deal with it. I've never heard of anyone actually doing it, but I'm sure it is possible to sniff an H323 stream and reconstruct the video and audio if it travels across the public internet. In my quick pass through Polycom's web site, I didn't see any mention of any security features like encryption of the H323 stream. Surely it is in there somewhere but I've never seen it on any of the four Polycom systems we use. I don't know if it is possible to tunnel H323 through an encrypted VPN and still have acceptable performance but that might be worth researching. So, bottom line, I would not assume that the videoconferencing system is going to help you with security at all. I don't think the risk is all that high but I think users should be aware of it, particularly if they will be discussing anything sensitive in nature. Keep in mind, someone can also tap their phone line and do the same thing so the risk is somewhat similar to me. It would be difficult to do but possible if someone had access to the network at the right place and had sufficient motivation. -- Ron Parker, Director of Information Technology, Brazosport College Voice: (979) 230-3266 FAX: (979) 230-3111 http://www.brazosport.edu On Wed, 5 Nov 2003, Walsh, Brian R. (Information Services) wrote:
We have a request from our Instructional Technology group to allow access through our firewall for a new IP videoconferencing unit. Allowing this through the firewall seems to be relatively low risk and I think our firewalls may even be "H.323 aware" which would make this a little easier to do and perhaps more secure. I am assuming that the videoconferencing hardware and software take care of other security like authentication, encryption, etc. Is there anything specific I should be worried about with this setup? I don't know much about the protocols or products involved so any advice would be appreciated. Thanks. Brian Walsh Connecticut College ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- IP Videoconferencing Walsh, Brian R. (Information Services) (Nov 05)
- <Possible follow-ups>
- Re: IP Videoconferencing Brian Reilly (Nov 05)
- Re: IP Videoconferencing Davis, Thomas R. (Nov 05)
- Re: IP Videoconferencing Ron Parker (Nov 05)
- Re: IP Videoconferencing Tina Bird (Nov 05)
- Re: IP Videoconferencing Charlie Prothero (Nov 05)
- Re: IP Videoconferencing Jere Retzer (Nov 06)