Building Internet Firewalls

Chapter 2: Internet Services

2.8 Real-Time Conferencing Services

There are a number of different real-time conferencing services available on the Internet, including talk, IRC, and the various services provided over the Multicast Backbone (MBONE). All of these services provide a way for people to interact with other people, as opposed to with databases or information archives. Electronic mail and Usenet news are designed to facilitate asynchronous communications; they work even if the participants aren't currently logged in. The next time they log in, the email messages or news postings will be waiting for them. Real-time conferencing services, on the other hand, are designed for interactive use by on-line participants.

talk is the oldest real-time conferencing system used on the Internet. It is available on most UNIX machines and allows two people to hold a conversation. A user initiates a talk session by issuing the command "talk other-user@host", specifying the other user's address in basically the same way as their email address. The other user gets a message on his screen that says "so-and-so is requesting a talk session" and explaining how to answer. When the contacted user answers (the equivalent of picking up the phone when someone calls you), talk finishes establishing the connection between the caller and the contacted user; both users see a split screen, where what they type appears in the top half of the screen, and what the other user types appears in the bottom half.

talk is not widely used between strangers on the Internet, although it is often used between colleagues or friends at different sites (or even different parts of the same building). Some people find it convenient, useful, or enjoyable to keep a window open with a talk session to a colleague (or a friend) while they work; it's less intrusive than a phone call, and allows you to convey textual information - commands to be run, output from commands cut-and-pasted for the other user to see, etc. - more conveniently than over the phone. There aren't really any network security implications for talk itself; the only issue is that it can be very tricky to allow across a firewall without unintentionally opening other security holes, as we describe in Chapter 8.

Internet Relay Chat (IRC) is sort of like Citizens Band (CB) radio on the Internet; it has its own little culture involving lots of people talking at each other. Users access IRC via dedicated IRC clients, or by using Telnet to access a site that provides public IRC client service. IRC servers provide hundreds (sometimes thousands) of named "channels" for users to join. These channels come and go (anyone can create a new channel, and a channel survives as long as there's anyone on it), although some popular channels are more or less permanent. Unlike talk, which is limited to a pair of users, any number of people can participate on an IRC channel simultaneously. Some IRC clients allow a user to participate in multiple channels simultaneously (sort of like taking part in two different conversations at once at a party).

There are a number of security problems with IRC; most of the problems aren't with the protocol itself, but with the clients, and with who uses IRC and how. Many of the clients allow servers far more access to local resources (files, processes, programs, etc.) than is wise; a malicious server can wreak havoc with a weak client. Further, many of the most frequent users of IRC are pranksters and crackers who use IRC to pass technical information among themselves, and to try to trick other IRC users. Their idea of a fine time is to tell some neophyte IRC user "Hey, give this command to your IRC client so that I can show you this neat new toy I wrote." Then, when the unsuspecting user follows the prankster's directions, the commands trash the system. Anyone using IRC needs a good client program and a healthy dose of wariness and suspicion.
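To make the point about weak clients concrete, here is an added example (not from the book) of a small Python client fragment that parses server lines in the RFC 1459 message format and treats every chat message strictly as data to display, so that nothing another user types can drive the client's local behaviour. The hostnames, channel and message text are constructed for illustration.

```python
# Added example, not from the book: an RFC 1459 message parser plus a
# hardened client dispatcher that never lets network data trigger local actions.
# All server lines below are constructed samples.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class IrcMessage:
    prefix: Optional[str]
    command: str
    params: List[str] = field(default_factory=list)


def parse_irc_line(line: str) -> IrcMessage:
    """Split '[:prefix] COMMAND param ... [:trailing]' into its parts."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        raise ValueError("empty IRC message")
    params = parts[1:]
    if sep:
        params.append(trailing)  # the trailing parameter may contain spaces
    return IrcMessage(prefix, parts[0].upper(), params)


def dispatch(line: str) -> List[Tuple[str, str]]:
    """Return the local actions a hardened client takes for one server line.

    Only the protocol replies the client must make (here, PONG for PING) cause
    any action beyond displaying text; chat text is shown verbatim, so a
    message like "type /load ... to see my new toy" is never interpreted as
    a client command, however it is phrased.
    """
    msg = parse_irc_line(line)
    sender = (msg.prefix or "server").split("!", 1)[0]
    if msg.command == "PING":
        token = msg.params[-1] if msg.params else ""
        return [("send", "PONG :" + token)]
    if msg.command == "PRIVMSG" and len(msg.params) >= 2:
        return [("display", f"<{sender}> {msg.params[1]}")]
    # Anything unrecognised is shown to the user and otherwise ignored.
    return [("display", line.rstrip("\r\n"))]
```

The design rule the example encodes is that the set of actions a client can take is fixed in the client, not chosen by whatever arrives on the socket.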

The Multicast Backbone (MBONE) is the source of a new set of services on the Internet, focusing on expanding real-time conference services beyond text-based services like talk and IRC to include audio, video, and electronic whiteboard. The MBONE is still in its infancy, but it is already used to send real-time video of many technical conferences and programs over the Internet, e.g., Internet Engineering Task Force meetings, keynote sessions from USENIX conferences, space shuttle flight operations, and so on. At this point, the commonly used MBONE services appear to be reasonably secure. Unintentional denial of service can be a real concern with the MBONE, however, because audio and video use so much memory. The methods used to distribute MBONE across the Internet also present some interesting risks, which are discussed in Chapter 8.

