RE: [fw-wiz] Apple's iSight and Firewalls

From: Dave Killion (Dkillion_at_netscreen.com)
Date: 08/20/03

  • Next message: Patrick M. Hausen: "[fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"
    To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 20 Aug 2003 10:12:05 -0700
    
    
    

    Jim,

    If it's a site-to-site video confererencing system, where both sides are
    firmly under your control (Corp HQ to Corp Office, etc), I'd strongly
    recommend a VPN tunnel, which solves most of the Swiss-cheese problems.
    This is something you should already have, anyway.

    Just a thought...

    Dave Killion
    Senior Security Engineer
    Security Group, NetScreen Technologies, Inc.

    -----Original Message-----
    From: jseymour@LinxNet.com [mailto:jseymour@LinxNet.com]
    Sent: Tuesday, August 19, 2003 5:43 PM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Apple's iSight and Firewalls

    Hi All,

    My company would like to set up inexpensive video-conferencing.
    They've been bugging me for a solution for some time. The partner
    company, being All Windows, All The Time, of course immediately
    suggested NetMeeting. ISTR a discussion about NetMeeting here, perhaps
    prompted by me, and, IIRC, it pretty much requires one make swiss
    cheese of their firewall for it to work. I vetoed it, and management
    backed me up. Doing a search on "NetMeeting" on SecurityFocus was not
    encouraging, either.

    Recently they bought me an iBook to do some WebObjects development
    with. It just hit me today that maybe Apple's iSight product would do
    the trick for video conferencing.

    Problem is: I've no idea what iSight would need through the firewall.

    There's this:

        http://www.macosxhints.com/article.php?story=20030623203213301

    If 5060 and 16384 through 16403 UDP are all that are required, and I
    can specify the only allowed IP address inside they would forward to,
    well, that might be acceptable.

    Comments? Opinions? Suggestions? Flames? ;)

    Thanks,
    Jim

    --
    Jim Seymour                  | PGP Public Key available at:
    jseymour@LinxNet.com         |
    http://www.uk.pgp.net/pgpnet/pks-commands.html
    http://jimsun.LinxNet.com    |
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



  • Next message: Patrick M. Hausen: "[fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"