A summary of responses of sorts. You probably won't like it.
Basically MBONE falls into the "killer app" category, similar to mosaic.
It's not secure, no one has a fix for it yet. You accept the important
binaries on faith in order to run it. However MBONE (again like mosaic)
is in such demand that many sites run it nevertheless. (Those "real-time"
space shuttle camera views are too cool to miss.)
I was fortunate to be able to commune in person with various firewall
"gods" last week, at a local security seminar. No one has a good answer yet.
To be consistent about security MBONE should only be available in a DMZ
zone or some such. Glamor aside, unless MBONE is critical to your org's
mission, it should not be let inside at the present time. The rationale
I keep hearing is that important seminars are held via MBONE. My impression
though, is that at present most of the traffic is the aforementioned cool
video scenes.
and I'm sure everyone has the FW I-net security book so I won't throw that into
this already large message.. In short, there are security risks.
Jeromie Jackson
Garrison Associates
Phone: 619-793-8223
Fax : 619-793-1124
|
|
