Firewall Wizards mailing list archives

Re: NetMeeting security solution?


From: C Matthew Curtin <cmcurtin () interhack net>
Date: Sat, 19 Sep 1998 08:57:49 -0400 (EDT)

"Chris" == Chris Shenton <cshenton () uucom com> writes:

Chris> If you tunnel then the connection between the two sites is
Chris> secure, yes.  

When we're talking about tunneling in this context, does that imply
some sort of SSL- or SSH-like encrypted session from one NetMeeting
client (or peer?) to another, or are we simply talking about poking a
hole through the firewall and letting two applications talk directly
to each other?

(Poking holes in the firewall isn't "secure" in any sense of the
word.  You've shifted the audit trail, accountability, administration, 
etc., away from your firewall and down to an individual box that's
probably administered by someone else--likely someone without any
dreaming idea of what security is all about.  In general, this is Bad
Stuff and should be avoided.)

Chris> (Only if both sites are tight -- or rather have the same
Chris> security policy -- does this not lower risk. Most places I've
Chris> seen don't have this situation, the control isn't central.)

This is the key point.  By connecting multiple networks together, all
of the networks involved have their risk brought to the same level as
the most insecure site.  There are tricks you can play to prevent
this, i.e., firewalling connections between sites, but in most cases
this isn't done...the whole point of having these sorts of connections 
is so that folks can talk to each other without having all of their
data strip-searched at the firewall.

Chris> I'll try and get my whitepaper back on line this week; I spent
Chris> a while looking into this.

I'd be interested to see it posted, or at least a pointer to it.

-- 
Matt Curtin cmcurtin () interhack net http://www.interhack.net/people/cmcurtin/


