Firewall Wizards mailing list archives

Re: Webex and the like

From: "Paul D. Robertson" <proberts () patriot net>
Date: Tue, 25 Feb 2003 06:38:55 -0500 (EST)

On Mon, 24 Feb 2003, Steve Smith wrote:

I hope this subject hasn't been harped on too much - I just joined your


Around December 2001 archives for the old firewalls list should give my 
perspective.

group.  Our corporation has blocked access to GoToMyPC and Webex due to
security concerns.  As a firewall administrator, I had to block the IP
range of both sites.  We have taken a lot of slack about the Webex site, all
of them saying it is "so very safe, since
all traffic is originated inside, and the security very granular".  We even
have a vendor that states Webex is their only way of supporting their
product.  How does everyone else feel about/handle Webex andsimilar sites?


Personally, I'd only open access for the duration of a support event if I 
had a vendor who had to use the product.  I recall reading at some point 
somewhere about someone messing around and getting a different connection 
(not sure if it was on the vendor side or client side, and I don't have 
confirmation, but a google might turn it up.)

In short, you're relying on (a) Vendor's support staff integrity (and 
potentially "just been given the opportunity to seek a new career" folks), 
(b) WebEx's server's security (which they didn't want to discuss in the 
thread I participated in without an NDA.

Lastly, you might want to see if WebEx or vendors using it as a support 
vector are willing to insure any losses taken from that vector.  Make sure 
they include current/former employees as well as 3rd parties.  Vendors 
using it for support save some money, so I don't see where they shouldn't 
share the risk.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Webex and the like Steve Smith (Feb 25)
- Re: Webex and the like Paul D. Robertson (Feb 25)
- Re: Webex and the like Gene Yoo (Feb 25)
- <Possible follow-ups>
- Re: Webex and the like Mike Hoskins (Feb 27)
  - Re: Webex and the like George Capehart (Feb 28)