Sorry guys.
I am asking a very basic question.
What is the importance of T.120 in H.323 applications ?
And if you consider a mobile communication network on H.323 applications
with Gateway, Gatekeeper with Vocaltec, where would you suggest to put the
Pix Firewall ?
Sanjeev Jha
-----Original Message-----
From: Larry Cannell [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 16, 1999 5:02 PM
To: Firewall List
Subject: RE: T.120 Conferencing through a firewall
This issue is one that I am intimately familiar with. The company I work for
(Ford) is a large user of NetMeeting and we are working as diligently as
possible to get NetMeeting working with suppliers. We think there is a huge
cost savings opportunity here in terms of travel, productivity, reduced time
to solve problems, and on and on.
Use of NetMeeting at Ford has grown dramatically over the past year with
virtually no marketing on our part (I work in the systems office and I am
considered the "owner" of NetMeeting). Our users are finding it themselves
and using it more and more. The value of data conferencing (especially with
suppliers) is enormous.
fyi: if you want to read more about my opinions regarding desktop
conferencing check here: http://www.cannell.org/larry/opinions/conferencing
I have a couple of comments to make. First, regarding getting T.120 running
through a firewall. Second, my opinion of Mr. Shenton's article.
I'll address each of these issues separately in subsequent replies.
Larry
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Axley
> Sent: Tuesday, March 16, 1999 3:50 PM
> To: Pavlichek, Doris (GEIS, GE Capital Consulting)
> Cc: 'Bard, Heather'; 'Tammy Torbert'; [EMAIL PROTECTED]
> Subject: RE: T.120 Conferencing through a firewall
>
>
> This topic came up earlier this month on the firewall-wizards mailing
> list. A link given was to a paper describing the (in)security of
> NetMeeting:
>
> http://www.shenton.org/~chris/nasa-hq/netmeeting/
>
> This may be the one you were referring to :-)
>
> This is really the same issue of allowing PC Anywhere -type applications
> to connect through your firewall. There's a lot of room for exploitation
> and a lot of unknown risk you'd be assuming.
>
> -Jason
>
> On Tue, 16 Mar 1999, Pavlichek, Doris (GEIS, GE Capital Consulting) wrote:
>
> > Date: Tue, 16 Mar 1999 14:33:26 -0500
> > From: "Pavlichek, Doris (GEIS, GE Capital Consulting)"
> <[EMAIL PROTECTED]>
> > To: "'Bard, Heather'" <[EMAIL PROTECTED]>,
> > 'Tammy Torbert' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > Subject: RE: T.120 Conferencing through a firewall
> >
> > My two cents worth...
> >
> > The biggest problem with T.120 and H.323 is that you open up a
> given system
> > completely. A friend of mine wrote a paper on this, and I wish it were
> > still online so I could refer you to it. Basically he summed it up by
> > saying that there was no inherent way to secure the
> applications themselves.
> > You could "trust" people not to put their machines at risk (by not using
> > Collaborate or other similar functions) or you could trust
> people not to go
> > against company policies. HA!
> >
> > To my knowledge, there is still no firewall which proxies for these
> > applications both because of complexity and because of lack of
> > standardization.
> >
> > I guess you have to ask yourself, "Is it bad that a remote user
> (or someone
> > who is pretending to be that user) can save, edit, delete files
> on my user's
> > machine?" or "Is it bad that a remote user can take over
> applications on
> > one of my internal systems?"
> >
> > I think you'll have your answers....DP
> >
> > > -----Original Message-----
> > > From: Bard, Heather [SMTP:[EMAIL PROTECTED]]
> > > Sent: Tuesday, March 16, 1999 1:01 PM
> > > To: 'Tammy Torbert'; [EMAIL PROTECTED]
> > > Subject: RE: T.120 Conferencing through a firewall
> > >
> > >
> > > >I will be implementing a firewall solution in a few weeks. I was
> > > wondering
> > > what
> > > >type of security issues allowing T.120 conferencing presents. My
> > > conferencing
> > > >system needs port 1503 dynamically opened. Does anyone have any
> > > information
> > > >about the risks I may be opening up by having this port opened?
> > >
> > > I am interested in this as well. We are doing H.323 and T.120
> > > implementation testing in our lab (for a very transient
> system - routers
> > > shutting down and whole subnets moving), and as of yet have
> not found any
> > > firewalls that support T.120 dynamically, thus we are having
> to statically
> > > open, through acls with a wide range of IPs, port 1503. So
> please cc: me
> > > on
> > > any information.
> > >
> > > Thanks
> > > Heather Bard
> > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
> >
>
>
> AT&T Wireless Services
> IT Security
> UNIX Security Operations Specialist
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
---
Any personal opinions expressed herein do not necessarily represent
those of Omnipoint Technologies, Inc.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
