Educause Security Discussion mailing list archives

Re: IP Videoconferencing


From: Ron Parker <rparker () BRAZOSPORT EDU>
Date: Wed, 5 Nov 2003 10:55:32 -0600

If you do NAT at your firewall, or the other end does it, you may have
some issues. We don't use NAT but a local school district did and we had
problems talking to them. The H323 protocol embeds the actual IP address
of the endpoint in the packets so the remote site tries to talk to an IP
which is probably NATed. Some vendors have fixes for this. I know that
Checkpoint and Polycom both have ways to deal with it.

I've never heard of anyone actually doing it, but I'm sure it is possible
to sniff an H323 stream and reconstruct the video and audio if it travels
across the public internet. In my quick pass through Polycom's web site, I
didn't see any mention of any security features like encryption of the
H323 stream. Surely it is in there somewhere but I've never seen it on any
of the four Polycom systems we use. I don't know if it is possible to
tunnel H323 through an encrypted VPN and still have acceptable performance
but that might be worth researching.

So, bottom line, I would not assume that the videoconferencing system is
going to help you with security at all. I don't think the risk is all that
high but I think users should be aware of it, particularly if they will be
discussing anything sensitive in nature. Keep in mind, someone can also
tap their phone line and do the same thing so the risk is somewhat similar
to me. It would be difficult to do but possible if someone had access to
the network at the right place and had sufficient motivation.

--
Ron Parker, Director of Information Technology, Brazosport College
Voice: (979) 230-3266             FAX: (979) 230-3111
http://www.brazosport.edu


On Wed, 5 Nov 2003, Walsh, Brian R. (Information Services) wrote:

We have a request from our Instructional Technology group to allow
access through our firewall for a new IP videoconferencing unit.
Allowing this through the firewall seems to be relatively low risk and
I think our firewalls may even be "H.323 aware" which would make this
a little easier to do and perhaps more secure. I am assuming that the
videoconferencing hardware and software take care of other security
like authentication, encryption, etc.

Is there anything specific I should be worried about with this setup?
I don't know much about the protocols or products involved so any
advice would be appreciated. Thanks.

Brian Walsh
Connecticut College

********** Participation and subscription information for this
EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/.
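
The NAT problem described in the reply above, as an added example that is not part of the original thread: a heuristic check that scans a captured signalling payload for RFC 1918 addresses and compares them with the source address the receiver actually saw. It assumes the embedded address appears as four raw octets followed by a two-octet port; the function names, payload bytes and addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: addresses a remote site cannot route back to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embedded_private_addrs(payload: bytes):
    """Heuristic scan for 4 address octets + 2 port octets inside a payload.

    Returns (offset, address, port) for every window whose address falls in
    an RFC 1918 range. Assumption: the address is carried as raw octets.
    Arbitrary binary data can match by chance, so treat hits as leads.
    """
    hits = []
    for i in range(len(payload) - 5):
        addr = ipaddress.IPv4Address(payload[i:i + 4])
        port = int.from_bytes(payload[i + 4:i + 6], "big")
        if port and any(addr in net for net in RFC1918):
            hits.append((i, str(addr), port))
    return hits


def nat_mismatch(observed_src: str, payload: bytes):
    """Embedded private addresses that differ from the packet's observed source.

    A non-empty result means the far end is being told to answer an address
    it cannot reach, which is the failure described in the message.
    """
    seen = ipaddress.IPv4Address(observed_src)
    return [(a, p) for _, a, p in embedded_private_addrs(payload)
            if ipaddress.IPv4Address(a) != seen]


# Constructed sample framing bytes; not taken from a real capture.
HEADER = bytes.fromhex("0802000105")
TRAILER = bytes.fromhex("0022")


def sample_payload(ip: str, port: int = 1720) -> bytes:
    """Build a constructed payload that embeds ip:port between filler bytes."""
    return (HEADER + ipaddress.IPv4Address(ip).packed
            + port.to_bytes(2, "big") + TRAILER)


if __name__ == "__main__":
    # Endpoint behind NAT: receiver sees 203.0.113.7, payload says 192.168.1.20.
    print(nat_mismatch("203.0.113.7", sample_payload("192.168.1.20")))
    # No NAT: the embedded address matches the observed source.
    print(nat_mismatch("203.0.113.7", sample_payload("203.0.113.7")))
```

Run against payloads captured on the outside of the firewall, a non-empty result indicates the firewall is not rewriting the embedded address.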

