-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Chris Shenton [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 17, 1999 11:02 AM
> To: Larry Cannell
> Cc: Firewall List
> Subject: Re: T.120 Conferencing through a firewall
>
> [...]
> The not nice thing about a conference server is that it lets traffic
> in regardless of content. So if a hostile connected to your
conference
> server, it just passes it back through your firewall into your LAN
and
> you're toast. Thanks, but no thanks.
Conference server, conference server... uh... I've got one! How about
this. Set up a stinky old Terminal Server with Meta-Frame add-on
behind the firewall in the DMZ. Any internal user that wants a
NetMeeting session needs to execute her Citrix client that will launch
the NetMeeting application on the Terminal Server behind the firewall.
- From there, NetMeeting can run uncontrolled. If that NM session is
compromised, i.e. remote control, trojan upload, then only that
Terminal Server is affected. Since you are allowing only
keystroke/screen/audio transfers through the ICA protocol back to your
corporate client and not other connectivity to the internal network
exist, no information can be accessed and compromised (other than that
on the Terminal Server). How about that...
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: PGP encrypted email preferred
iQA/AwUBNvsu4Slma9DCzQQeEQLOFgCgoO85xri3wsGIOhJoalNUwStv3CIAoKuT
6mdBT/W8dyaMAqD6sHsxFsDp
=Ytmu
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
