Re: Regarding Bypassing the firewall

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 06/23/05


Date: Thu, 23 Jun 2005 09:24:12 -0400

On 23 Jun 2005 05:06:17 -0700, ravicse04@gmail.com spoketh

>
>Hi,
>
>my question is clear. I just try to understand my question again
>briefly.
>Actually I am doing work on video conferencing product. So regarding this
>I have a question:

Your question, in your mind, is absolutely very clear. We know that you
know what it is you are saying. However, something is getting lost in
the translation, which makes it difficult for us to understand what it
is you want to do.

>
>Q- When we will in conference then for the protection of our conference
>we have to configure our firewall regarding outside attack and I want
>entry of that person who is authorised to do conference this means that
>we have to do some configuration manually in firewall setting. So I just
>want to know that there is any method for which without configuring
>the firewall we can give the permission to authorised person or in
>another word without configuration bypass the firewall.
>
>Ravi
>

Although the question is becoming clearer, there's still some room for
interpretation.

If the video conferencing is initialized on the inside of your network,
you should only have to create one rule one time to allow the video
conferencing device (one single static IP) to make an outbound
connection. Allowing this outbound connection should not create any
significant avenue of attack for any outsiders, as inbound access is
still limited.

If the video conferencing is initialized on the outside, then you need a
rule on the firewall to allow this traffic from the outside to the video
conferencing device, which does create some additional risk. The rule
should be very specific to only allow the traffic to the video
conferencing device, which should be off and/or disconnected when not in
use. Also consider using a DMZ for this, to prevent any issues on your
protected network.

But, if you don't want to leave it open on your firewall all the time,
then you'll need to enable/disable the rule(s) on the firewall each
time.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
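
The two cases in the reply above, sketched as a dry-run script that only prints iptables commands. This is an added example, not part of the original post. It assumes a Linux/iptables firewall, and the addresses, interface name, peer range, port and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints the rules instead of applying them (dry run).
# Every value below is a constructed placeholder, not taken from the thread.
DEVICE_IP="192.0.2.10"       # assumed static IP of the conferencing device
WAN_IF="eth0"                # assumed outside-facing interface
PEER_NET="198.51.100.0/24"   # assumed range of the authorised remote party
CONF_PROTO="tcp"
CONF_PORT="1720"             # assumed signalling port; use your product's ports
TAG="videoconf-inbound"      # comment tag so the rule is easy to find and audit

# Case 1: conference started from inside. One permanent rule for the
# device's outbound connections, plus replies to established flows.
# Unsolicited inbound traffic still matches nothing and hits the default drop.
outbound_rules() {
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $DEVICE_IP -o $WAN_IF -j ACCEPT"
}

# Case 2: conference started from outside. The rule is pinned to one
# destination host, one protocol/port and (as an assumption) one source range.
# $1 is -A to add the rule or -D to delete the identical rule.
inbound_rule() {
    echo "iptables $1 FORWARD -i $WAN_IF -s $PEER_NET -d $DEVICE_IP" \
         "-p $CONF_PROTO --dport $CONF_PORT -m conntrack --ctstate NEW" \
         "-m comment --comment $TAG -j ACCEPT"
}

# Enable the inbound rule only for the duration of a conference.
conference() {
    case "$1" in
        start) inbound_rule -A ;;
        stop)  inbound_rule -D ;;
        *)     echo "usage: conference start|stop" >&2; return 2 ;;
    esac
}

# Show what would be applied in each situation.
echo "# inside-initiated (permanent):"
outbound_rules
echo "# outside-initiated (before the call):"
conference start
echo "# outside-initiated (after the call):"
conference stop
```

Because the stop command deletes exactly the rule that start added, nothing stays open between conferences; piping the printed lines to a root shell applies them.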