The implementation of most common e-conferencing solutions require the use of dynamic ports for User Datagram Protocol
(UDP)-based audio and video streaming and Transmission Control Protocol (TCP)-based call control. Firewalls implemented as perimeter protection typically block UDP, the transport mechanism for multicast packets. Because of the connectionless nature of UDP, it is almost impossible to define a reasonable firewall policy that allows some UDP communications and blocks others. Many of the protocols that are implemented over UDP are easily exploitable.
Since, typical packet filtering firewalls don't support dynamic port filtering, it's always a good idea to use application-specific proxies that enable secure UDP streaming. Though some vendors are marketing H.323 firewall solutions, they are not sufficient for many environments. The other solution is to use Firewall Tunneling whereby the conferencing sever is placed behind the firewalls at both corporate and remote locations and relies on tunneling for access into network.
Dig deeper on Network Security Monitoring and Analysis
Related Q&A from Puneet Mehta
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: http://...continue reading
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ...continue reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.