Firewall Wizards mailing list archives
Re: NetMeeting security solution?
From: Chris Shenton <cshenton () uucom com>
Date: 16 Sep 1998 11:20:40 -0400
Don Cox <dcox () kodak com> writes:
> Advocates of NetMeeting are trying to convince me that: a) If you use tunneling (to take care of opening all ports on your firewall problem), AND b) If you use neT.120 Conference Server, that security should not be a threat.
If you tunnel then the connection between the two sites is secure, yes. But if -- say -- your site is protected but the remote site is not, then anyone who gets in to the remote site can pass through the tunnel to yours. And once they do that, the "application sharing" gives them mouse/keyboard access to your machine, the LAN and servers it has access to. (Only if both sites are tight -- or rather have the same security policy -- does this not lower risk. Most places I've seen don't have this situation, the control isn't central.)
> Say that I insist that audio and video be disabled, and that we use tunneling, do you feel that using neT.120 Conference Server will address all other security issues?
The audio and video isn't inherently insecure, nor is the whiteboard: it's just all the damn ports you have to open since the protocol's so complex. (Micro$oft says to simply "open all UDP and TCP ports above 1024 in your firewall"; sheesh). The application sharing *is* inherently dangerous as it gives remote users (and anyone who can hack them) mouse/keyboard access to your machine. In 5 seconds you can insert a DOS command shell into a shared Word doc and then do anything you want -- install sniffers, delete files. On NT too. A couple firewall vendors are working on true proxies which understand the T.120 and H.323 protocols so that they only open the ports which the peers negotiate but I'm not sure if they're available yet.
> Note: reasons given to me for using neT.120 Conference Server were taken from http://www.databeam.com/net120/top_ten.html. Interesting that companies such as GE, Ford, Boeing, FileNet and MCI use NetMeeting.
They probably eat at McDonald's too, but that doesn't make the golden arches fine cuisine. There's a brain-damage in large corporations which says "we have to use Product X because everyone else is using it". Only later do they worry about security. And it's hard for net admins to argue with users who say "It's *free*". Shudder. I found Databeam to be *not* helpful. Remote users connect to the server, but then that traffic is mirrored to you. Again, application sharing is the threat, even if the audio/video/whiteboard issues are finessed by risking someone else's machine, the Databeam server. I'll try and get my whitepaper back on line this week; I spent a while looking into this.