Firewall Wizards mailing list archives
Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: Frederick M Avolio <fred () avolio com>
Date: Tue, 26 Aug 2003 18:18:14 -0400
Y'know, I think I must just be "retro" but I think there's no how, no way that netmeeting has any business entering or exiting a mission-critical network. I.e..: if it's worth firewalling, it's best to not allow this kind of stuff at all.
The first problem (not with Marcus's comments, but with the user request is that it *sounds* like a business requirement, but in *reality* is a suggested *solution*. I am saying, "I need NetMeeting," should be answered in a nice way with, "No you don't. What do you *really* need." Then explain it is your job and the IT folks job to come up with solutions. It makes you nervous when they try to do YOUR job. You're not trying to do THEIR job are you? Then help them formulate a requirement. Do they need "whiteboarding?" "Oh, Yeah! YEAH!" "Down boy," you say. "Do you NEED IT?" Do you need to share files? Audio conference? Etc.?
If it turns out they actually NEED NetMeeting, you know and I know the security analysis will cause you to tell them, "You can have full-fledged NetMeeting, but not at your desktop. Or you can have much, much less, but you can stay in your cube." If they pick #1, you stick a machine outside the perimeter, you scrub it between uses, and you make them go to the conference room in which it sits and use it. I know, I'm dreaming. But try it...
Sorry - I'm feeling extremely curmudgeonly today.
Because you've passed the magic 40 benchmark.
... but the REAL answer is "people should not be connecting mission-critical networks to the Internet - even with firewalls." A small handful of us have been singing this song quietly in the corner for about 12 years, now. Is anyone going to ever "get it"??
Ah... Easy question. No. :-) f _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Apple's iSight and Firewalls Jim Seymour (Aug 20)
- Re: Apple's iSight and Firewalls Bartek Krajnik (Aug 25)
- Setting up H323 IP telephony etc - was Re: Apple's iSight and Firewalls Bret Watson (Aug 26)
- Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Marcus J. Ranum (Aug 26)
- Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Paul Robertson (Aug 26)
- Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Frederick M Avolio (Aug 26)
- Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Bret Watson (Aug 27)
- Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Frederick M Avolio (Aug 27)
- Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Marcus J. Ranum (Aug 28)
- Setting up H323 IP telephony etc - was Re: Apple's iSight and Firewalls Bret Watson (Aug 26)
- Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Barney Wolff (Aug 27)
- Re: Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls Marcus J. Ranum (Aug 27)
- Re: Apple's iSight and Firewalls Bartek Krajnik (Aug 25)
- Re: Setting up H323 IP telephony etc - was Re: Apple's iSight and Firewalls Bartek Krajnik (Aug 28)
- <Possible follow-ups>
- RE: Apple's iSight and Firewalls Dave Killion (Aug 20)
- RE: Apple's iSight and Firewalls black (Aug 21)
- RE: Apple's iSight and Firewalls Dave Killion (Aug 21)