>2) The T.120 protocol is used for text messaging and application sharing.
>We will allow this access for *outbound* only. This means we can join
>NetMeeting servers on the Internet but they cannot join servers inside our
>networks. This also means we can view and share applications on servers on
>the Internet, but they cannot share ours.
I doubt your firewall can make this "one-way" enough. If you allow this,
your users will be able to, for example, give control of a DOS prompt
on their inside machines to someone on the outside. Even with, say,
Word or Excel, a macro could be pasted in really quickly that could
cause problems. It doesn't have to be the outside user themself, either,
since the connections are subject to hijacking. This doesn't even
get into client-side vulnerabilities.
All of these reasons were enough for me to make a policy against it's
use across the Internet here.
Ryan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
