Dealing with MS Netmeeting & H.323

Ryan Russell ryanr@sybase.com
Wed, 3 Jun 1998 11:18:41 -0700


I'll agree with Fred on this one... It's pratically impossible
to really handle Netmeeting securely at this point, since the application's
purpose in life creates huge holes, even when functioning correctly.

At best at present, the main SPF products such as FW1 and PIX
just open the minimum number of ports for the minimum amount
of time.  It's a big impovement over Microsoft's instructions (
Just let all UDP in... .yea, right) but the program itself is still
pretty bad.

You really need a dedicated H.323 conferencing system to
even think about doing Netmeeting safely at this point.

                         Ryan






Frederick M Avolio <fred@avolio.com> on 06/02/98 01:39:44 PM

Please respond to Frederick M Avolio <fred@avolio.com>

To:   firewall-wizards@nfr.net
cc:    (bcc: Ryan Russell/SYBASE)
Subject:  Re: Dealing with MS Netmeeting & H.323




>> An H.323 proxy could solve these problems.  Firewall-1 states they can
>> handle H.323  and work with Netmeeting (Does anyone have any experience
>> with this?).  Guantlet/NT has an H.323. proxy but  their administrator's
>...
>Cisco PIX has the ability to securely convey H.323 (including MS
>NetMeeting),

Many companies claim to "handle" and some even indicate "handle securely."
I'd be interested in a short blurb from the vendors who handle such things
indicating how they handle it and why they think the way they handle it is
secure. (This is not intended to cast aspersions on any above-mentioned
vendor.)

Fred


---
Frederick M. Avolio, Internet Security Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765
410-309-6910 (voice)          410-309-6911 (fax)

http://www.avolio.com


Received: from tunnel.sybase.com ([130.214.231.88]) by ibwest.sybase.com
(Lotus SMTP MTA v4.6.1  (569.2 2-6-1998)) with SMTP id 88256618.00636E2E;
Wed, 3 Jun 1998 11:06:02 -0700
Received: from smtp1.sybase.com (smtp1 [130.214.220.35])
          by tunnel.sybase.com (8.8.4/8.8.4) with SMTP
       id LAA24851; Wed, 3 Jun 1998 11:03:59 -0700 (PDT)
Received: from inergen.sybase.com by smtp1.sybase.com
(4.1/SMI-4.1/SybH3.5-030896)
     id AA07208; Wed, 3 Jun 98 11:03:58 PDT
Received: from nfr.net (tower.nfr.net [208.196.145.10])
          by inergen.sybase.com (8.8.4/8.8.4) with ESMTP
       id LAA04810; Wed, 3 Jun 1998 11:05:23 -0700 (PDT)
Received: (from lists@localhost)
     by nfr.net (8.8.8/8.8.8) id WAA20503
     for firewall-wizards-outgoing; Tue, 2 Jun 1998 22:23:29 -0500 (CDT)
Received: (from fwiz@localhost)
     by nfr.net (8.8.8/8.8.8) id WAA20475
     for firewall-wizards@nfr.net; Tue, 2 Jun 1998 22:23:16 -0500 (CDT)
Received: from loas.clark.net (loas.clark.net [168.143.0.13])
     by nfr.net (8.8.8/8.8.8) with ESMTP id PAA18834
     for <firewall-wizards@nfr.net>; Tue, 2 Jun 1998 15:40:30 -0500 (CDT)
Received: from fma.avolio.com (avolio.clark.net [168.143.26.124])
     by loas.clark.net (8.8.8/8.8.8) with SMTP id QAA07702
     for <firewall-wizards@nfr.net>; Tue, 2 Jun 1998 16:45:04 -0400 (EDT)
Message-Id: <4.0.1.19980602163518.00f55960@pop3.clark.net>
X-Sender: avolio@pop3.clark.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Tue, 02 Jun 1998 16:39:44 -0400
To: firewall-wizards@nfr.net
From: Frederick M Avolio <fred@avolio.com>
Subject: Re: Dealing with MS Netmeeting & H.323
In-Reply-To: <C1256617.003D8E97.00@asterix.notes.nil.si>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-firewall-wizards@nfr.net
Precedence: bulk
Reply-To: Frederick M Avolio <fred@avolio.com>