Re: NetMeeting secure? [WhitePaper back online]

[Chris Shenton <cshenton () uucom com>]

> Don Cox <dcox () kodak com> writes:

> We are evaluating NetMeeting. I am interested in opinions pertaining
> to potential security concerns by allowing NetMeeting through your
> corporate firewall.


I replied:

> At my previous job, I wrote a paper on just this topic cuz I couldn't
> find anything else. See
>
>       http://www.it.hq.nasa.gov/~cshenton/hq/netmeeting/
>
> Briefly: it's impossible to secure for use over open nets. 


They've put that server behind a firewall so I've put it up on:

        http://www.shenton.org/~chris/nasa-hq/netmeeting/

Here's the abstract:

NetMeeting Security Concerns and Deployment Issues


                   Abstract

     NetMeeting is a product which allows
     point-to-point audio/video
     conferencing and multi-point file
     transfer, chat, whiteboard, and
     application-sharing over the Internet. It
     claims to follow various industry
     standards to ensure interoperability
     with other products but may not be as
     compliant as desired. Unfortunately, the
     complexity of some of these standards
     makes proxying the application's
     network traffic through a firewall very
     difficult. Further, the application sharing
     feature allows remote access to the
     shared user's desktop, allowing
     arbitrary functions to be run such as file
     writing, deleting, launching other
     applications, downloading cracker tools,
     etc. This product gives excessive control
     to remote connections making the user's
     desktop machine and network resources
     highly vulnerable. Deployment may
     require severely restricting the
     capabilities of the product in order to
     use it safely, possibly making it useless
     for the collaboration purposes it was
     intended.