Re: Dealing with MS Netmeeting & H.323

["Ryan Russell" <ryanr () sybase com>]

I'll agree with Fred on this one... It's pratically impossible
to really handle Netmeeting securely at this point, since the application's
purpose in life creates huge holes, even when functioning correctly.

At best at present, the main SPF products such as FW1 and PIX
just open the minimum number of ports for the minimum amount
of time.  It's a big impovement over Microsoft's instructions (
Just let all UDP in... .yea, right) but the program itself is still
pretty bad.

You really need a dedicated H.323 conferencing system to
even think about doing Netmeeting safely at this point.

                         Ryan






Frederick M Avolio <fred () avolio com> on 06/02/98 01:39:44 PM

Please respond to Frederick M Avolio <fred () avolio com>

To:   firewall-wizards () nfr net
cc:    (bcc: Ryan Russell/SYBASE)
Subject:  Re: Dealing with MS Netmeeting & H.323




> > An H.323 proxy could solve these problems.  Firewall-1 states they can
> > handle H.323  and work with Netmeeting (Does anyone have any experience
> > with this?).  Guantlet/NT has an H.323. proxy but  their administrator's
> ...
> Cisco PIX has the ability to securely convey H.323 (including MS
> NetMeeting),

Many companies claim to "handle" and some even indicate "handle securely."
I'd be interested in a short blurb from the vendors who handle such things
indicating how they handle it and why they think the way they handle it is
secure. (This is not intended to cast aspersions on any above-mentioned
vendor.)

Fred


---
Frederick M. Avolio, Internet Security Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765
410-309-6910 (voice)          410-309-6911 (fax)

http://www.avolio.com


Received: from tunnel.sybase.com ([130.214.231.88]) by ibwest.sybase.com
(Lotus SMTP MTA v4.6.1  (569.2 2-6-1998)) with SMTP id 88256618.00636E2E;
Wed, 3 Jun 1998 11:06:02 -0700
Received: from smtp1.sybase.com (smtp1 [130.214.220.35])
          by tunnel.sybase.com (8.8.4/8.8.4) with SMTP
       id LAA24851; Wed, 3 Jun 1998 11:03:59 -0700 (PDT)
Received: from inergen.sybase.com by smtp1.sybase.com
(4.1/SMI-4.1/SybH3.5-030896)
     id AA07208; Wed, 3 Jun 98 11:03:58 PDT
Received: from nfr.net (tower.nfr.net [208.196.145.10])
          by inergen.sybase.com (8.8.4/8.8.4) with ESMTP
       id LAA04810; Wed, 3 Jun 1998 11:05:23 -0700 (PDT)
Received: (from lists@localhost)
     by nfr.net (8.8.8/8.8.8) id WAA20503
     for firewall-wizards-outgoing; Tue, 2 Jun 1998 22:23:29 -0500 (CDT)
Received: (from fwiz@localhost)
     by nfr.net (8.8.8/8.8.8) id WAA20475
     for firewall-wizards () nfr net; Tue, 2 Jun 1998 22:23:16 -0500 (CDT)
Received: from loas.clark.net (loas.clark.net [168.143.0.13])
     by nfr.net (8.8.8/8.8.8) with ESMTP id PAA18834
     for <firewall-wizards () nfr net>; Tue, 2 Jun 1998 15:40:30 -0500 (CDT)
Received: from fma.avolio.com (avolio.clark.net [168.143.26.124])
     by loas.clark.net (8.8.8/8.8.8) with SMTP id QAA07702
     for <firewall-wizards () nfr net>; Tue, 2 Jun 1998 16:45:04 -0400 (EDT)
Message-Id: <4.0.1.19980602163518.00f55960 () pop3 clark net>
X-Sender: avolio () pop3 clark net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Tue, 02 Jun 1998 16:39:44 -0400
To: firewall-wizards () nfr net
From: Frederick M Avolio <fred () avolio com>
Subject: Re: Dealing with MS Netmeeting & H.323
In-Reply-To: <C1256617.003D8E97.00 () asterix notes nil si>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-firewall-wizards () nfr net
Precedence: bulk
Reply-To: Frederick M Avolio <fred () avolio com>