Firewall Wizards mailing list archives
Re: Webex and the like
From: "Paul D. Robertson" <proberts () patriot net>
Date: Tue, 25 Feb 2003 06:38:55 -0500 (EST)
On Mon, 24 Feb 2003, Steve Smith wrote:
I hope this subject hasn't been harped on too much - I just joined your
Around December 2001 archives for the old firewalls list should give my perspective.
group. Our corporation has blocked access to GoToMyPC and Webex due to security concerns. As a firewall administrator, I had to block the IP range of both sites. We have taken a lot of slack about the Webex site, all of them saying it is "so very safe, since all traffic is originated inside, and the security very granular". We even have a vendor that states Webex is their only way of supporting their product. How does everyone else feel about/handle Webex andsimilar sites?
Personally, I'd only open access for the duration of a support event if I had a vendor who had to use the product. I recall reading at some point somewhere about someone messing around and getting a different connection (not sure if it was on the vendor side or client side, and I don't have confirmation, but a google might turn it up.) In short, you're relying on (a) Vendor's support staff integrity (and potentially "just been given the opportunity to seek a new career" folks), (b) WebEx's server's security (which they didn't want to discuss in the thread I participated in without an NDA. Lastly, you might want to see if WebEx or vendors using it as a support vector are willing to insure any losses taken from that vector. Make sure they include current/former employees as well as 3rd parties. Vendors using it for support save some money, so I don't see where they shouldn't share the risk. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Webex and the like Steve Smith (Feb 25)
- Re: Webex and the like Paul D. Robertson (Feb 25)
- Re: Webex and the like Gene Yoo (Feb 25)
- <Possible follow-ups>
- Re: Webex and the like Mike Hoskins (Feb 27)
- Re: Webex and the like George Capehart (Feb 28)