Hi,
Lately we are facing more and more P2P applications, exposing the corporate internal networks to
unknown external access. Some of the applications require a detailed installation with username and
passwords, like GoToMyPC https://www.gotomypc.com/ and ViAir WirelessInbox http://www.viair.com/products_WI.htm
but there might be some that probably run out of the box, like Kazaa and others.
The common denominator of all those programs is that they use well-known open ports on the corporate
firewall, such as http, https or ftp. They automatically switch between the ports to find an open one,
and some of them can even pass proxy servers.
This is not new to the security community; we all remember the famous ping tunneling, ssh, https and
http tunneling, where the idea is almost the same. The difference, which doesn't make it better, was that
internal users did it on purpose to their systems outside the network, and today's applications are using
a 3rd unauthorized party "Broker" to set up the connection.
I believe that a strict corporate policy should eliminate part of the problem, but still we have to stand guard
and catch the security violators.
I would like to hear what you are doing and what can be done to mitigate this problem.
Maybe adding another section to RS, like back doors, for P2P applications?
Regards,
Eli Beker
Comverse
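
Added example, not part of the original post: one way to catch the port-switching behaviour described above from firewall logs, by flagging an internal host that tries the same external address on several ports within a short window. The log format, field order, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (hypothetical format):
# timestamp, internal source, external destination, destination port, action
SAMPLE_LOG = """\
2002-03-01T09:00:01 10.0.0.15 198.51.100.7 8200 DENY
2002-03-01T09:00:03 10.0.0.15 198.51.100.7 21 DENY
2002-03-01T09:00:05 10.0.0.15 198.51.100.7 443 DENY
2002-03-01T09:00:08 10.0.0.15 198.51.100.7 80 ALLOW
2002-03-01T09:01:00 10.0.0.22 203.0.113.9 80 ALLOW
2002-03-01T09:01:30 10.0.0.22 203.0.113.9 80 ALLOW
2002-03-01T09:05:00 10.0.0.31 192.0.2.44 21 DENY
2002-03-01T11:30:00 10.0.0.31 192.0.2.44 80 ALLOW
"""

WINDOW = timedelta(seconds=60)  # assumed burst window
MIN_PORTS = 3                   # assumed threshold of distinct ports


def parse(log):
    """Yield (time, src, dst, port, action) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port, action = parts
        yield datetime.fromisoformat(ts), src, dst, int(port), action


def find_port_hoppers(log, window=WINDOW, min_ports=MIN_PORTS):
    """Report src/dst pairs that touch >= min_ports distinct ports in one window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, action in parse(log):
        by_pair[(src, dst)].append((ts, port, action))

    findings = []
    for (src, dst), events in sorted(by_pair.items()):
        events.sort()
        for i, (start, _, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            ports = sorted({p for _, p, _ in burst})
            if len(ports) >= min_ports:
                # The port that finally got through is the one to review in policy.
                allowed = sorted({p for _, p, a in burst if a == "ALLOW"})
                findings.append({"src": src, "dst": dst,
                                 "ports": ports, "allowed": allowed})
                break  # one finding per pair is enough
    return findings
```

The check only works if denied connections are logged as well as allowed ones, since the failed attempts are what distinguish port switching from ordinary browsing.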
