RE: [fw-wiz] Apple's iSight and Firewalls

From: Dave Killion (Dkillion_at_netscreen.com)
Date: 08/20/03

Next message: Patrick M. Hausen: "[fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"

Previous message: Jim Seymour: "[fw-wiz] Apple's iSight and Firewalls"
Maybe in reply to: Jim Seymour: "[fw-wiz] Apple's iSight and Firewalls"
Next in thread: black_at_galaxy.silvren.com: "RE: [fw-wiz] Apple's iSight and Firewalls"
Reply: black_at_galaxy.silvren.com: "RE: [fw-wiz] Apple's iSight and Firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
Date: Wed, 20 Aug 2003 10:12:05 -0700

Jim,

If it's a site-to-site video confererencing system, where both sides are
firmly under your control (Corp HQ to Corp Office, etc), I'd strongly
recommend a VPN tunnel, which solves most of the Swiss-cheese problems.
This is something you should already have, anyway.

Just a thought...

Dave Killion
Senior Security Engineer
Security Group, NetScreen Technologies, Inc.

-----Original Message-----
From: jseymour@LinxNet.com [mailto:jseymour@LinxNet.com]
Sent: Tuesday, August 19, 2003 5:43 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Apple's iSight and Firewalls

Hi All,

My company would like to set up inexpensive video-conferencing.
They've been bugging me for a solution for some time. The partner
company, being All Windows, All The Time, of course immediately
suggested NetMeeting. ISTR a discussion about NetMeeting here, perhaps
prompted by me, and, IIRC, it pretty much requires one make swiss
cheese of their firewall for it to work. I vetoed it, and management
backed me up. Doing a search on "NetMeeting" on SecurityFocus was not
encouraging, either.

Recently they bought me an iBook to do some WebObjects development
with. It just hit me today that maybe Apple's iSight product would do
the trick for video conferencing.

Problem is: I've no idea what iSight would need through the firewall.

There's this:

http://www.macosxhints.com/article.php?story=20030623203213301

If 5060 and 16384 through 16403 UDP are all that are required, and I
can specify the only allowed IP address inside they would forward to,
well, that might be acceptable.

Comments? Opinions? Suggestions? Flames? ;)

Thanks,
Jim

--
Jim Seymour                  | PGP Public Key available at:
jseymour@LinxNet.com         |
http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

application/x-pkcs7-signature attachment: smime.p7s

Next message: Patrick M. Hausen: "[fw-wiz] Transparent proxies and PMTUD on the (WWW) server side"

Previous message: Jim Seymour: "[fw-wiz] Apple's iSight and Firewalls"
Maybe in reply to: Jim Seymour: "[fw-wiz] Apple's iSight and Firewalls"
Next in thread: black_at_galaxy.silvren.com: "RE: [fw-wiz] Apple's iSight and Firewalls"
Reply: black_at_galaxy.silvren.com: "RE: [fw-wiz] Apple's iSight and Firewalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]