On Tue, 21 Dec 1999, Kevin Eberman wrote:
> I wouldn't want to argue the business merits of ICQ, but what protocol would
> you use for real time one-to-one text communication? ICQ is not supported
Internally I like to use IRC servers, we use two to talk between my
group's two predominant locations.
Externally, we don't need real-time communication, but if I had to support it,
I'd probably allow telnet to a hardened shell machine with a text-based IRC
client on it, or I'd do some sort of real-time Web-based discussion forum if
the lusers weren't hardy enough to use ircII. As a last resort, I'd write
something of my own, keeping the protocol simple and intermediated through a
server I controlled.
I'm well aware of the troubles of solving social problems with
technology, but frankly not allowing these protocols will keep a lot of
people away from spending all their time on non-work conversations, or in
the case of RA, from using all your bandwidth to listen to radio stations
over the Internet.
> by our SonicWall DMZ router, but if it's possible, I'd like to get something
> else working.
There are a few Web-based or Java-based "Web chat" clients. I've not
evaluated any of them for security, so I can't say that any really fit
the bill.
I also wrote:
> Firewall protection models are based on disallowing traffic and
> protocols, each allowed protocol lessens the effectiveness of the
> firewall. I've yet to see a good business justification for ICQ that
> wasn't met in a different way with a better protocol.
If I control the client and the server, I'm happier about the traffic, as
long as I'm reasonably sure that client-to-client communications are out
of the door (which discludes "regular" IRC with external clients.) It
*might* also be worth looking at internal and external IRC servers
running them as an IRC network (assuming you can lock down an external
IRC server sufficiently)- that way the lusers inside can use GUI IRC
clients (or text-based ones), but direct DCC doesn't work, and the only
thing talking through the firewall are two servers that you control.
The benifits of being able to /kill your lusers are best left unspoken ;)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
