2.6. Real-Time Conferencing Services

A number of different real-time conferencing services are available on the Internet, including talk, IRC, web chat rooms, and the various services provided over the Multicast Backbone (MBONE). All of these services provide a way for people to interact with other people, as opposed to interacting with databases or information archives. Electronic mail and Usenet news are designed to facilitate asynchronous communications; they work even if the participants aren't currently logged in. The next time they log in, the email messages or news postings will be waiting for them. Real-time conferencing services, on the other hand, are designed for interactive use by online participants.

Internet Relay Chat (IRC) is sort of like Citizens Band (CB) radio on the Internet; it has its own little culture involving lots of people talking at each other. Users access IRC via dedicated IRC clients, or by using Telnet to access a site that provides public IRC client service. IRC servers provide hundreds (sometimes thousands) of named "channels" for users to join. These channels come and go (anyone can create a new channel, and a channel survives as long as there's anyone on it), although some popular channels are more or less permanent. Unlike talk, which is limited to a pair of users, any number of people can participate on an IRC channel simultaneously. Some IRC clients allow a user to participate in multiple channels simultaneously (sort of like taking part in two different conversations at once at a party).

There are a number of security problems with IRC; most of the problems aren't with the protocol itself, but with the clients, and with who uses IRC and how. Many of the clients allow servers far more access to local resources (files, processes, programs, etc.) than is wise; a malicious server can wreak havoc with a weak client.
Further, many of the most frequent users of IRC are pranksters and crackers who use IRC to pass technical information among themselves and to try to trick other IRC users. Their idea of a fine time is to tell some neophyte IRC user "Hey, give this command to your IRC client so that I can show you this neat new toy I wrote". Then, when the unsuspecting user follows the prankster's directions, the commands trash the system. Anyone using IRC needs a good client program and a healthy dose of wariness and suspicion.

Purely web-based chat rooms have fewer vulnerabilities, but HTTP doesn't lend itself well to chatting, so these tend to be clunky and uncomfortable to use. People therefore have developed a number of hybrid solutions using plug-ins to HTTP clients (for instance, Mirabilis's ICQ and AOL's Messenger). These provide much nicer interfaces but also introduce new vulnerabilities. Like IRC, they have many "bad neighborhoods" where people hang out looking for neophytes they can trick or attack. In addition, the protocols and the plug-ins themselves are often vulnerable.

More complicated systems allow richer conversations. As high-speed network connections become common, full-fledged video conferencing systems have become popular, even across the Internet. The most famous of those systems is Microsoft's NetMeeting. NetMeeting and most other video conferencing systems in wide use are based on a set of International Telecommunications Union standards and protocols for video conferencing. These protocols are extremely difficult to secure. They have almost every feature that makes a protocol difficult to protect, including using multiple data streams, initiating data transfer from both ends of the conversation (instead of having a clearly defined client and server), using connectionless protocols, and dynamically assigning port numbers instead of using well-known port numbers.
While they can be very useful, providing them securely requires an extremely specialized firewall. Because video conferencing involves large amounts of data, the firewall also needs good performance.

The MBONE is the source of a new set of services on the Internet, focusing on expanding real-time conference services beyond text-based services like talk and IRC to include audio, video, and electronic whiteboard. The MBONE is used to send real-time video of many technical conferences and programs over the Internet (e.g., Internet Engineering Task Force meetings, keynote sessions from USENIX conferences, space shuttle flight operations, and so on).

At this point, the commonly used MBONE services appear to be reasonably secure. Although there are theoretical problems, the only reported attacks have been floods, which are easy to deal with. Theoretical problems have a way of eventually becoming actual problems, but these are extremely theoretical (nobody has verified that they are actually exploitable at all) and not very threatening (if they were exploitable, they still wouldn't be catastrophic). Unintentional denial of service can be a real concern with the MBONE, however, because audio and video can use so much bandwidth. The methods used to distribute MBONE across the Internet also present some interesting risks, which are discussed in Chapter 19, "Real-Time Conferencing Services".
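
The dynamic-port problem described above for video conferencing protocols, as an added example that is not from the original text: a toy peer-to-peer conferencing session is replayed through a static packet filter and through a filter that follows the control channel and opens one pinhole per negotiated stream. The control port, the "MEDIA OPEN/CLOSE" message format and all addresses are constructed for illustration and do not describe any real protocol.

```python
from dataclasses import dataclass
CONTROL_PORT = 5000  # constructed: TCP control port that both peers listen on

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int
    payload: str = ""

def static_filter(pkt):
    """Static rule set: only the well-known control port is permitted."""
    return pkt.proto == "tcp" and pkt.dport == CONTROL_PORT

class ConferenceAwareFilter:
    """Reads the control channel and opens one pinhole per announced stream."""
    def __init__(self):
        self.pinholes = set()  # (media sender, media receiver, UDP port)
    def allow(self, pkt):
        if pkt.proto == "tcp" and pkt.dport == CONTROL_PORT:
            self._track(pkt)
            return True
        return pkt.proto == "udp" and (pkt.src, pkt.dst, pkt.dport) in self.pinholes

    def _track(self, pkt):
        # Constructed message "MEDIA OPEN|CLOSE <port>": "send me media on <port>".
        parts = pkt.payload.split()
        if len(parts) != 3 or parts[0] != "MEDIA" or not parts[2].isdecimal():
            return  # malformed control data never changes filter state
        hole = (pkt.dst, pkt.src, int(parts[2]))  # media flows toward the announcer
        if parts[1] == "OPEN" and 1024 <= hole[2] <= 65535:
            self.pinholes.add(hole)
        elif parts[1] == "CLOSE":
            self.pinholes.discard(hole)

def replay(allow, packets):
    return [allow(p) for p in packets]  # one allow/drop verdict per packet

INSIDE, OUTSIDE, OTHER = "10.0.0.5", "192.0.2.9", "203.0.113.7"  # constructed hosts
SESSION = [  # constructed capture; either end may announce a stream
    Packet(INSIDE, OUTSIDE, "tcp", CONTROL_PORT, "MEDIA OPEN 40112"),
    Packet(OUTSIDE, INSIDE, "tcp", CONTROL_PORT, "MEDIA OPEN 51844"),
    Packet(OUTSIDE, INSIDE, "udp", 40112),  # negotiated stream, inbound
    Packet(INSIDE, OUTSIDE, "udp", 51844),  # negotiated stream, outbound
    Packet(OTHER, INSIDE, "udp", 40112),    # right port, wrong peer
    Packet(OUTSIDE, INSIDE, "udp", 40113),  # port nobody announced
    Packet(INSIDE, OUTSIDE, "tcp", CONTROL_PORT, "MEDIA CLOSE 40112"),
    Packet(OUTSIDE, INSIDE, "udp", 40112),  # stream already closed
]
```

The static filter passes the control messages but drops every media packet, so the only static alternative is to open the whole high UDP port range; the tracking filter admits just the two announced streams and closes the pinhole again when the stream ends.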