Re: Security on CU-SeeMe

Scott Lacroix (slacroix@wpine.com)
Wed, 18 Mar 1998 21:11:12 -0400


At 04:45 PM 3/18/98 -0600, Jason Williams wrote:
>On Mon, 16 Mar 1998, ROBERTO DE PAIVA wrote:
>> I'd like to get some information about CU-SeeMe security features. Any
>> site or forum would be helpful. Information can be with respect to
>> different video conferencing systems or MBone tools.
>
>There are different types of security... From the transport layer, there's
>no other protection since it's UDP. From the application layer, you can
>connect to different Conference IDs for a reflector and also a password
>per conference if you're connecting to a White Pine reflector/MPCS.

Are you SURE about that? I know there are companies out there that do
encryption at the transport layer... There's no reason why you couldn't add
a layer to your TCP/IP stack that encrypts UDP packets as they are put on
the wire. So long as the receiver had the same software, the data should be
secure with no knowledge required at the application level. If you had a
package like that, there's no reason it shouldn't work with the server/client.
No promises, mind you... :)
But basic UDP is unprotected/unencrypted, as you mention.

As far as the WhitePine server goes, you have the ability to allow only
certain addresses (or ranges of addresses) access to the server for
administration. Beyond that, you can password protect the server to allow
levels of access. The Web-Based administration GUI goes beyond that to
allow logins and username/password verification after checking the IP
addresses.

Roberto, are you currently using a WhitePine client? If so, you're used to
seeing a conference list at first connection. There can also be HIDDEN
(private) conferences that you can add. Thus, only informed users could
connect to them. Also, as Jason mentions, you can password protect the
conferences to restrict access. Beyond that, you can allow and/or deny
access by IP address on a per-conference basis.

Lastly, you can configure a "root" conference from which administrators
can monitor all other conferences simultaneously (which may not really
count as a "security" feature, it depends on what you're looking for).

- Scott

--

,-==================================-.-==================================-.
| I haven't lost my mind, it's backed | Scott LaCroix (slacroix@wpine.com) |
| up on tape around here somewhere... | Sr. Software Engineer     ___      |
|                  - Author Unknown   | White Pine Software     ./_ -\.    |
| #include<disclaimer/std.h>          | http://www.wpine.com   q| o O |p   |
`-==================================-^-=====================oOOo=~U~=oOOo-'
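
Added example, not part of the original message and not White Pine's code: a small Python model of the per-conference controls described above (hidden conferences, conference passwords, allow/deny by IP address). The class and function names, the order of the checks, and deny taking precedence over allow are assumptions made for illustration; the sample conferences and addresses are constructed.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Conference:
    conf_id: int
    hidden: bool = False                 # hidden conferences are left out of the list
    password: Optional[str] = None       # None means no password is required
    allow: List[str] = field(default_factory=list)  # CIDR ranges; empty = any address
    deny: List[str] = field(default_factory=list)   # CIDR ranges

def _in_any(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def visible_list(conferences):
    """Conference IDs shown to a client at first connection."""
    return [c.conf_id for c in conferences if not c.hidden]

def admit(conf, addr, password=None):
    """Return (allowed, reason). Assumed order: deny list, allow list, password."""
    if _in_any(addr, conf.deny):
        return False, "denied by address"
    if conf.allow and not _in_any(addr, conf.allow):
        return False, "not in allow list"
    if conf.password is not None:
        supplied = (password or "").encode()
        # Constant-time comparison so timing does not leak how much matched.
        if not hmac.compare_digest(supplied, conf.password.encode()):
            return False, "bad password"
    return True, "ok"

# Constructed sample data (documentation address ranges, made-up IDs).
CONFS = [
    Conference(0),
    Conference(42, hidden=True),
    Conference(7, password="s3cret", allow=["192.0.2.0/24"], deny=["192.0.2.66/32"]),
]

if __name__ == "__main__":
    print("listed:", visible_list(CONFS))
    for args in [(CONFS[1], "203.0.113.9"), (CONFS[2], "192.0.2.10", "s3cret"),
                 (CONFS[2], "192.0.2.66", "s3cret"), (CONFS[2], "192.0.2.10", "guess")]:
        print(args[0].conf_id, args[1], admit(*args))
```

In this model the hidden conference 42 admits any address that supplies its ID, so hiding only removes it from the list; the password and address rules are what actually restrict access.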