Firewall Wizards mailing list archives

2nd Life


From: "DRISCOLL, ROBERT" <ROBDRI () SAFECO com>
Date: Tue, 6 Nov 2007 13:49:54 -0800

Hello,

I wanted to get some feedback on a request to allow Second Life through
our network.  I was hoping that perhaps someone has experience with this
application and can let me know what steps they took to mitigate the
risks.

Management is pushing pretty hard for this and they have persuaded our
Risk Management group to move forward with a possible solution. So
simply denying this is not an option.

I was hoping to use a bastion host setup behind a firewall, running
either Citrix or Remote Desktop. But I haven't tested network
performance for the client application or performance issues with
multiple users accessing the same machine.

Of course direct client access appears to be a gaping hole as Second
Life requires...
TCP/443
TCP/12043
UDP/12035-12036
UDP/13000-13050

Then depending on whether or not we are forced to allow voice traffic
through 
TCP/80
TCP/443
TCP/21002
UDP/12000-13000
UDP/5060
UDP/5062

I have already pointed out the vulnerabilities I could find (URI
handling vulnerability exposing logon credentials to malicious sites &
650,000 users notified of data breach of Linden Labs Database server
9/2006).

If anyone on the list has had to grapple with this issue, I would
appreciate your insights. 

Thanks.

Robert Driscoll, CISSP
robdri () safeco com

