Re: 2nd Life

["Paul D. Robertson" <paul () compuwar net>]

On Tue, 6 Nov 2007, DRISCOLL, ROBERT wrote:

> Hello,
>
> I wanted to get some feedback on a request to allow Second Life through
> our network.  I was hoping that perhaps someone has experience with this
> application and can let me know what steps they took to mitigate the
> risks.
>
> Management is pushing pretty hard for this and they have persuaded our
> Risk Management group to move forward with a possible solution. So
> simply denying this is not an option.

I've always been a big fan of "walk your behind over to that PC in the 
corner that's not on the internal network to do that thing I don't like."

> I was hoping to use a bastion host setup behind a firewall, running
> either Citrix or Remote Desktop. But I haven't tested network
> performance for the client application or performance issues with
> multiple users accessing the same machine.

Make them budget one extra machine per user, that way it'll be easy to 
implement and they'll get to do a cost/benefit analysis too.

> Of course direct client access appears to be a gaping hole as second
> life requires...
> TCP/443
> TCP/12043
> UDP/12035-12036
> UDP/13000-13050
>
> Then depending on whether or not we are forced to allow voice traffic
> through 
> TCP/80
> TCP/443
> TCP/21002
> UDP/12000-13000
> UDP/5060
> UDP/5062

At that point, what's the reason for having a firewall?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards