Re: How to Establish NetMeeting Connections Through a Firewall

From: Brian Sullivan MVP (brians_at_WORMTIREDmeetingbywire.com)
Date: 03/30/04


Date: Tue, 30 Mar 2004 10:25:55 -0500

anonymous@discussions.microsoft.com wrote:
> Hello Brian,
> I have read your answer on my question, also the answer on
> the question on "Port?".
> In the first answer you say the article I refer to is
> misleading.
> In the second answer, on "Port?", you refer to pretty much the same
> article, which puzzles me.
> - So, does the article state how you should configure your
> firewall or not, and what ports you should pass through
> communication?

It does provide information on port usage in NetMeeting but from what I can
tell provides no practical instructions on configuring a NAT firewall for
NetMeeting usage. Some users have been successful in providing port
triggered NAT configured port management but the success tends to be spotty,
router dependent and difficult to set up.

>
> Further, I have spoken to DLink about enabling the DMZ
> feature. That means no firewall protection at all they
> say. You said you strongly recommend a software firewall,
> and configure it "properly". But, configuring the
> firewall "properly" means that you pass through
> communication on all the ports described in the article.

Most software firewalls have egress control so that proper configuring would
allow all port access as you say but only for the one NetMeeting program.

> This means a false security, because of the wide range of
> open ports (your computer is wide open for attacks). DLink
> states allowing open ports on a router/firewall or with
> the use of a software firewall does not change the
> security issue.

As I said most software firewalls have controls allowing you to minimize the
exposure to one program, but you are correct there is a gap in security.

Router based firewalls have their own set of deficiencies though so the
DLink statements may be a bit of the pot calling the kettle black.

> - Please, describe the security issue on configuring
> your software firewall "properly" in order to run
> NetMeeting. Then, of course the question appears should
> you use NetMeeting if it is such a security risk?

The configuration of the firewall depends on what firewall you are using --
since you haven't provided any specifics the best I can do is talk in
general terms.

Most software firewalls allow egress control -- that is they allow
specification of a program that is allowed access and may allow you to
specify to the port/protocol level what access is allowed (both incoming
and outgoing). Generally NetMeeting needs to listen on ports 1720 and 1503
and needs access to UDP 1024-65535 incoming and outgoing. The usual strategy
is to configure the software firewall to allow NetMeeting full access on all
ports in and out. Trying to narrow the port usage for NetMeeting is probably
not useful from a security pov.

The current built-in XP firewall has an H.323 proxy (but no program egress
control) so what can be specified there is to pass just TCP 1503 and TCP
1720 -- the proxy manages the rest of the ports needed.

-- 
Brian Sullivan
Meeting by Wire ( http://www.meetingbywire.com)
------------
Is  your PC  protected? --
http://www.microsoft.com/security/protect/default.asp
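
Added example, not part of the original post: a small model comparing which listening sockets become reachable under a port-only rule set (the ports named above, opened for any program) versus a program-scoped rule set (all ports, one program). The executable name conf.exe, the rule shapes and the listener table are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Listener:          # one listening socket on the PC
    program: str
    proto: str
    port: int

@dataclass(frozen=True)
class Rule:              # inbound allow rule; program=None means "any program"
    proto: str
    lo: int
    hi: int
    program: Optional[str] = None

    def admits(self, l: Listener) -> bool:
        in_range = self.proto == l.proto and self.lo <= l.port <= self.hi
        return in_range and self.program in (None, l.program)

def port_only_policy():
    # Ports named in the post, opened with no program restriction.
    return [Rule("tcp", 1720, 1720), Rule("tcp", 1503, 1503),
            Rule("udp", 1024, 65535)]

def program_scoped_policy(program="conf.exe"):
    # "Full access on all ports in and out", but for one program only.
    return [Rule("tcp", 1, 65535, program), Rule("udp", 1, 65535, program)]

def exposed(policy, listeners):
    # Every listener that at least one rule lets inbound traffic reach.
    return sorted((l.program, l.proto, l.port) for l in listeners
                  if any(r.admits(l) for r in policy))

def unintended(policy, listeners, program="conf.exe"):
    # Exposed listeners that do not belong to the intended program.
    return [e for e in exposed(policy, listeners) if e[0] != program]

# Constructed listener table (not captured from a real machine).
LISTENERS = [
    Listener("conf.exe", "tcp", 1720), Listener("conf.exe", "tcp", 1503),
    Listener("conf.exe", "udp", 49608), Listener("svchost.exe", "udp", 1900),
    Listener("svchost.exe", "tcp", 135), Listener("other.exe", "udp", 5353),
]

if __name__ == "__main__":
    for name, policy in (("port-only", port_only_policy()),
                         ("program-scoped", program_scoped_policy())):
        print(name, "unintended exposure:", unintended(policy, LISTENERS))
```

Under either policy the NetMeeting listeners themselves stay reachable, which is the remaining gap acknowledged in the reply.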

