Hello,

I wanted to get some feedback on a request to allow Second Life through
our network. I was hoping that perhaps someone has experience with this
application and can let me know what steps they took to mitigate the
risks.

Management is pushing pretty hard for this and they have persuaded our
Risk Management group to move forward with a possible solution. So
simply denying this is not an option.

I was hoping to use a bastion host setup behind a firewall, running
either Citrix or Remote Desktop. But I haven't tested network
performance for the client application or performance issues with
multiple users accessing the same machine.

Of course direct client access appears to be a gaping hole as Second
Life requires...
TCP/443
TCP/12043
UDP/12035-12036
UDP/13000-13050

Then depending on whether or not we are forced to allow voice traffic
through
TCP/80
TCP/443
TCP/21002
UDP/12000-13000
UDP/5060
UDP/5062

I have already pointed out the vulnerabilities I could find (URI
handling vulnerability exposing logon credentials to malicious sites &
650,000 users notified of data breach of Linden Labs Database server
9/2006).

If anyone on the list has had to grapple with this issue, I would
appreciate your insights.

Thanks.

Robert Driscoll, CISSP
robdri@safeco.com
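
Added example, not part of the original message: a short Python script that merges the port lists quoted above, counts how many UDP ports are opened with and without voice, and prints nftables-style accept rules scoped to a single bastion host. The bastion address (192.0.2.10, a documentation-range placeholder) and all function names are assumptions made for illustration.

```python
# Port requirements exactly as listed in the message above.
CLIENT = ["TCP/443", "TCP/12043", "UDP/12035-12036", "UDP/13000-13050"]
VOICE = ["TCP/80", "TCP/443", "TCP/21002", "UDP/12000-13000", "UDP/5060", "UDP/5062"]

# Assumption: placeholder bastion address from the RFC 5737 documentation range.
BASTION = "192.0.2.10"


def parse(spec):
    """'UDP/13000-13050' -> ('udp', 13000, 13050); 'TCP/443' -> ('tcp', 443, 443)."""
    proto, _, ports = spec.partition("/")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if proto.lower() not in ("tcp", "udp") or not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return proto.lower(), lo, hi


def merge(specs):
    """Collapse overlapping or adjacent ranges per protocol."""
    merged = {"tcp": [], "udp": []}
    for proto, lo, hi in sorted(parse(s) for s in specs):
        ranges = merged[proto]
        if ranges and lo <= ranges[-1][1] + 1:
            ranges[-1][1] = max(ranges[-1][1], hi)
        else:
            ranges.append([lo, hi])
    return merged


def port_count(specs, proto):
    return sum(hi - lo + 1 for lo, hi in merge(specs)[proto])


def nft_rules(specs, src=BASTION):
    """Emit nftables accept rules that permit the ports only from the bastion host."""
    rules = []
    for proto, ranges in merge(specs).items():
        if not ranges:
            continue
        ports = ", ".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)
        rules.append(f"ip saddr {src} {proto} dport {{ {ports} }} accept")
    return rules


if __name__ == "__main__":
    for label, specs in (("client only", CLIENT), ("client + voice", CLIENT + VOICE)):
        print(label, "UDP ports:", port_count(specs, "udp"))
        print("\n".join(nft_rules(specs)))
```

The rules carry no destination match because the message gives no server address ranges; a real ruleset would also pin the destination.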



_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
