RE: FW: BlackIce Defender??? / H.323 security

[patrick.mueller () ac com]

Lucius, thanks for the comments on H.323. I am doing a security analysis of a
product similar in some ways to NetMeeting. It is, namely, Lotus's "Sametime"
program. It is based on T.120 for instant messaging and will support H.323 in
the future. I've only done some basic reading on these two standards, but
neither seem to have much in the way of security considerations (authentication,
data encryption, etc.). Am I mistaken, or is this the case? Just wondering if
anyone has any comments on T.120, Lotus Sametime, or the IETF group "Instant
Messaging/Presence Protocol" (IMPP) [which Lotus says that product will support
after the drafts are finalized and accepted]. Thanks in advance..

     -- Patrick

> Date: Sat, 30 Oct 1999 12:22:07 +0530
> From: "LUCIUS" <lucius () mahindrabt com>
> Subject: RE: FW: BlackIce Defender???

> Netmeeting uses H.323 for conferencing. The problem withH323 is that there is
no
> defined port. I,e except for the well known 1720 used for Q. Signaling during
call
> setup (H.245 ) and  other port for tcp and 4 for UDP responsible for
maintaining the
> call  are dynamically negotiated and are above 1024.  The only way you could
get
> NetMeeting through is  by using an application proxy or a circuit gateway
firewall
> (limited utility).

> Cheers
> Lucius

n