Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Dealing with MS Netmeeting & H.323

From: Frederick M Avolio <fred () avolio com>
Date: Fri, 05 Jun 1998 08:32:19 -0400
I don't consider it a huge risk for outgoing calls, when handled *PROPERLY*
by a stateful filter. And to make it scalable, you would appreciate the low
latency
and high throughput that SPFs tend to have. Of course, YCMMV (C=customer's)
;)


Speed at the expense of security processing? I'm not sure what *can* be
usefully done with H.323, but outgoing calls, while probably at a lower
risk, are still at risk. Granted, the inside user is inviting a connection
from the outside (which is what the SPF is using for decision making), but
once that connection is established and allowed, any vulnerability would
still exist. If a vulnerability exists, the inside user is then in the
position -- whether he realizes it -- of granting someone on the outside
access to his computer or the inside network. 

A long-winded way of saying, "Yes, the risk is less, but not substantially
less."

Fred
Previous By Date Next
Previous By Thread Next

Current thread: