Firewall Wizards mailing list archives
Re: NetMeeting secure? [WhitePaper back online]
From: Chris Shenton <cshenton () uucom com>
Date: 05 Oct 1998 09:01:11 -0400
Don Cox <dcox () kodak com> writes:
We are evaluating NetMeeting. I am interested in opinions pertaining to potential security concerns by allowing NetMeeting through your corporate firewall.
I replied:
At my previous job, I wrote a paper on just this topic cuz I couldn't find anything else. See http://www.it.hq.nasa.gov/~cshenton/hq/netmeeting/ Briefly: it's impossible to secure for use over open nets.
They've put that server behind a firewall so I've put it up on: http://www.shenton.org/~chris/nasa-hq/netmeeting/ Here's the abstract: NetMeeting Security Concerns and Deployment Issues Abstract NetMeeting is a product which allows point-to-point audio/video conferencing and multi-point file transfer, chat, whiteboard, and application-sharing over the Internet. It claims to follow various industry standards to ensure interoperability with other products but may not be as compliant as desired. Unfortunately, the complexity of some of these standards makes proxying the application's network traffic through a firewall very difficult. Further, the application sharing feature allows remote access to the shared user's desktop, allowing arbitrary functions to be run such as file writing, deleting, launching other applications, downloading cracker tools, etc. This product gives excessive control to remote connections making the user's desktop machine and network resources highly vulnerable. Deployment may require severely restricting the capabilities of the product in order to use it safely, possibly making it useless for the collaboration purposes it was intended.
Current thread:
- Re: NetMeeting secure? [WhitePaper back online] Chris Shenton (Oct 05)