On Tue, 6 Nov 2007, DRISCOLL, ROBERT wrote:

> Hello,
> I wanted to get some feedback on a request to allow Second Life through
> our network. I was hoping that perhaps someone has experience with this
> application and can let me know what steps they took to mitigate the
> risks.
> Management is pushing pretty hard for this and they have persuaded our
> Risk Management group to move forward with a possible solution. So
> simply denying this is not an option.

I've always been a big fan of "walk your behind over to that PC in the
corner that's not on the internal network to do that thing I don't like."

> I was hoping to use a bastion host setup behind a firewall, running
> either Citrix or Remote Desktop. But I haven't tested network
> performance for the client application or performance issues with
> multiple users accessing the same machine.

Make them budget one extra machine per user, that way it'll be easy to
implement and they'll get to do a cost/benefit analysis too.

> Of course direct client access appears to be a gaping hole as Second
> Life requires...
> TCP/443
> TCP/12043
> UDP/12035-12036
> UDP/13000-13050
> Then depending on whether or not we are forced to allow voice traffic
> through
> TCP/80
> TCP/443
> TCP/21002
> UDP/12000-13000
> UDP/5060
> UDP/5062

At that point, what's the reason for having a firewall?

Paul D. Robertson
paul@compuwar.net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."

firewall-wizards mailing list