Re: [fw-wiz] Webex and the like
From: Paul D. Robertson (proberts@patriot.net)
Date: 02/25/03
- Previous message: Steve Smith: "[fw-wiz] Webex and the like"
- In reply to: Steve Smith: "[fw-wiz] Webex and the like"
- Next in thread: Gene Yoo: "Re: [fw-wiz] Webex and the like"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Paul D. Robertson" <proberts@patriot.net> To: Steve Smith <sssmith@attglobal.net> Date: Tue, 25 Feb 2003 06:38:55 -0500 (EST)
On Mon, 24 Feb 2003, Steve Smith wrote:
> I hope this subject hasn't been harped on too much - I just joined your
Around December 2001 archives for the old firewalls list should give my
perspective.
> group. Our corporation has blocked access to GoToMyPC and Webex due to
> security concerns. As a firewall administrator, I had to block the IP
> range of both sites. We have taken a lot of slack about the Webex site, all
> of them saying it is "so very safe, since
> all traffic is originated inside, and the security very granular". We even
> have a vendor that states Webex is their only way of supporting their
> product. How does everyone else feel about/handle Webex andsimilar sites?
Personally, I'd only open access for the duration of a support event if I
had a vendor who had to use the product. I recall reading at some point
somewhere about someone messing around and getting a different connection
(not sure if it was on the vendor side or client side, and I don't have
confirmation, but a google might turn it up.)
In short, you're relying on (a) Vendor's support staff integrity (and
potentially "just been given the opportunity to seek a new career" folks),
(b) WebEx's server's security (which they didn't want to discuss in the
thread I participated in without an NDA.
Lastly, you might want to see if WebEx or vendors using it as a support
vector are willing to insure any losses taken from that vector. Make sure
they include current/former employees as well as 3rd parties. Vendors
using it for support save some money, so I don't see where they shouldn't
share the risk.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Next message: Gene Yoo: "Re: [fw-wiz] Webex and the like"
- Previous message: Steve Smith: "[fw-wiz] Webex and the like"
- In reply to: Steve Smith: "[fw-wiz] Webex and the like"
- Next in thread: Gene Yoo: "Re: [fw-wiz] Webex and the like"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
