
Apple Ichat...

  • 11-08-2004 4:49pm
    #1
    Registered Users Posts: 10,339 ✭✭✭✭


    Interesting one here and probably very basic. I'd just like to get a second opinion before I go doing stupid stuff :)

    A client bought an Apple specifically for video conferencing. The utility is Ichat AV version 2.0 (v145 in brackets... 2 versions?)

    So, dutifully but knowing nothing about macs I set about getting it up and running. All was lovely.. as long as they were in the same building. However when the second mac was moved to a branch office it stopped working.

    Setup:

    Leased line between office A and office B
    Office B is linked to office A's broadband connection and uses it as its own internet access.
    Not sure if the firewall sits across the leased line as well as the broadband line but they do have different IP ranges.
    Both macs can access internet fine.

    Now, according to Apple a third party firewall has to have some ports opened up, 5297 and 5298, for Ichat Rendezvous.

    If I open these on the firewall to test the connection, what are the risks I'm exposing the client to and what can be done to minimise them?

    Sorry for vagueness. Big client and I'm not hugely comfortable posting too much detail on the net.


Comments

  • Registered Users Posts: 1,906 ✭✭✭jayok


    LoLth,

    If you need to open these ports to support the ichat application then you have two options to ensure security.

    1 (Most Secure): Would be to establish a VPN link between the two sites. But of course this will involve additional setup on the firewalls on each site - if there are two and they support VPN of course.

    2. (Less secure - but better than not doing this): Would be to tie down the IP addresses that the ports are accessible by i.e. permit access to the two ports from the two sites' "static" IP addresses. Of course the content of the ichat could be potentially captured en route between sites, but access to the ports will be restricted.

    Option 1 is desirable, but option 2 is no less secure than opening SMTP to the Internet. If the content of the ichat stuff isn't too critical then this is a minimal risk. Management need to be aware however that without VPNs (or any encryption) anything crossing the internet is open to monitoring.

    Of course, if they are really worried, then they need to consider the American Echelon site in the UK that monitors all Internet traffic (So you think 3DES or AES is secure? HA!) :)

    JayoK
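
Option 2 in the reply above, as an added example that is not part of the thread: a check that a firewall rule set opens ports 5297 and 5298 only to the two sites' static addresses. The rule format is a simplified, vendor-neutral assumption, and the addresses and rules are constructed from documentation ranges.

```python
import ipaddress

ICHAT_PORTS = {5297, 5298}  # ports named in the thread

# Assumed static public addresses of the two offices (documentation ranges).
SITE_ADDRESSES = [ipaddress.ip_network("203.0.113.10/32"),
                  ipaddress.ip_network("198.51.100.20/32")]

# Constructed rule set in a simplified form (an assumption, not a vendor syntax):
# (action, source CIDR, first port, last port)
SAMPLE_RULES = [
    ("allow", "203.0.113.10/32", 5297, 5298),  # office A only: fine
    ("allow", "198.51.100.0/24", 5298, 5298),  # whole /24, wider than office B
    ("allow", "0.0.0.0/0", 5290, 5300),        # any source, range covers both ports
    ("allow", "0.0.0.0/0", 25, 25),            # SMTP, not an iChat port
    ("deny", "0.0.0.0/0", 5297, 5298),         # deny rules expose nothing
]


def exposed_ports(first, last):
    """iChat ports that fall inside a rule's port range."""
    return sorted(p for p in ICHAT_PORTS if first <= p <= last)


def audit(rules, allowed=SITE_ADDRESSES):
    """Return (rule index, source, ports) for every allow rule that opens an
    iChat port to a source not contained in one of the allowed site addresses."""
    findings = []
    for i, (action, source, first, last) in enumerate(rules):
        ports = exposed_ports(first, last)
        if action != "allow" or not ports:
            continue
        src = ipaddress.ip_network(source)
        # The rule is tight only if its whole source range fits in an allowed one.
        if not any(src.subnet_of(net) for net in allowed):
            findings.append((i, source, ports))
    return findings


if __name__ == "__main__":
    for idx, source, ports in audit(SAMPLE_RULES):
        print(f"rule {idx}: ports {ports} reachable from {source}")
```

The check catches port ranges that silently include the two ports as well as source ranges wider than a single site address; it does not model rule ordering.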

