Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: Frederick M Avolio (fred_at_avolio.com)
To: "Marcus J. Ranum" <firstname.lastname@example.org>, Bret Watson <email@example.com>, Bartek Krajnik <firstname.lastname@example.org>, email@example.com
Date: Tue, 26 Aug 2003 18:18:14 -0400
>Y'know, I think I must just be "retro" but I think there's no how, no way
>that netmeeting has any business entering or exiting a mission-critical
>network. I.e.: if it's worth firewalling, it's best to not allow this kind of
>stuff at all.
The first problem (not with Marcus's comments, but with the user request) is
that it *sounds* like a business requirement, but in *reality* is a
suggested *solution*. I am saying, "I need NetMeeting," should be answered
in a nice way with, "No you don't. What do you *really* need?" Then explain
it is your job and the IT folks' job to come up with solutions. It makes you
nervous when they try to do YOUR job. You're not trying to do THEIR job, are
you? Then help them formulate a requirement. Do they need "whiteboarding?"
"Oh, Yeah! YEAH!" "Down boy," you say. "Do you NEED IT?" Do you need to
share files? Audio conference? Etc.?
If it turns out they actually NEED NetMeeting, you know and I know the
security analysis will cause you to tell them, "You can have full-fledged
NetMeeting, but not at your desktop. Or you can have much, much less, but
you can stay in your cube." If they pick #1, you stick a machine outside
the perimeter, you scrub it between uses, and you make them go to the
conference room in which it sits and use it. I know, I'm dreaming. But try
>Sorry - I'm feeling extremely curmudgeonly today.
Because you've passed the magic 40 benchmark.
>... but the REAL answer is "people should not
>be connecting mission-critical networks to the Internet - even with
>firewalls." A small handful of us have been singing this song quietly
>in the corner for about 12 years, now. Is anyone going to ever "get it"??
Ah... Easy question. No. :-)
firewall-wizards mailing list