Re: [fw-wiz] 2nd Life
On Tue, 6 Nov 2007, DRISCOLL, ROBERT wrote:
> Hello,
>
> I wanted to get some feedback on a request to allow Second Life through
> our network. I was hoping that perhaps someone has experience with this
> application and can let me know what steps they took to mitigate the
> risks.
>
> Management is pushing pretty hard for this and they have persuaded our
> Risk Management group to move forward with a possible solution. So
> simply denying this is not an option.
I've always been a big fan of "walk your behind over to that PC in the
corner that's not on the internal network to do that thing I don't like."
>
> I was hoping to use a bastion host setup behind a firewall, running
> either Citrix or Remote Desktop. But I haven't tested network
> performance for the client application or performance issues with
> multiple users accessing the same machine.
Make them budget one extra machine per user, that way it'll be easy to
implement and they'll get to do a cost/benefit analysis too.
>
> Of course direct client access appears to be a gaping hole as second
> life requires...
> TCP/443
> TCP/12043
> UDP/12035-12036
> UDP/13000-13050
>
> Then depending on whether or not we are forced to allow voice traffic
> through
> TCP/80
> TCP/443
> TCP/21002
> UDP/12000-13000
> UDP/5060
> UDP/5062
At that point, what's the reason for having a firewall?
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
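
The bastion-host option raised in the quoted question, sketched as firewall egress rules: only the bastion may open the listed Second Life ports outbound, and every other internal host is denied direct use of them. This is an added example, not from either poster; the bastion address (192.0.2.10), the interface name (eth1) and the choice of nftables are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Constructed values (assumptions):
#   192.0.2.10 = bastion host, "eth1" = firewall's Internet-facing interface.
# IPv4 only; port numbers are the ones listed in the quoted message.
define BASTION = 192.0.2.10
define WAN_IF = "eth1"

table ip sl_egress {
    set sl_tcp {
        type inet_service
        elements = { 443, 12043 }
    }
    set sl_udp {
        type inet_service
        flags interval
        elements = { 12035-12036, 13000-13050 }
    }
    # Voice ports: only referenced by the commented-out rules below.
    set voice_tcp {
        type inet_service
        elements = { 80, 443, 21002 }
    }
    set voice_udp {
        type inet_service
        flags interval
        elements = { 5060, 5062, 12000-13000 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;
        # Replies to flows that were allowed out.
        ct state established,related accept
        # This chain only judges new flows leaving toward the Internet.
        oifname != $WAN_IF accept
        # Bastion host: the listed client ports and nothing else.
        ip saddr $BASTION tcp dport @sl_tcp accept
        ip saddr $BASTION udp dport @sl_udp accept
        # ip saddr $BASTION tcp dport @voice_tcp accept
        # ip saddr $BASTION udp dport @voice_udp accept
        ip saddr $BASTION log prefix "sl-bastion-drop " counter drop
        # Every other host: no direct use of the Second Life-only ports.
        tcp dport 12043 log prefix "sl-direct-drop " counter drop
        udp dport @sl_udp log prefix "sl-direct-drop " counter drop
    }
}
```

The bastion rule set drops everything it does not list, so name resolution for the bastion has to come from an internal resolver or be added explicitly. The two log prefixes give a cheap signal for hosts that try to run the client directly.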