Appendix | Network Connection |
unauthorized access. The need for protection must be balanced against the need to communicate with the outside world. This is why most security solutions focus on minimizing the risk until it reaches an acceptable level.
Opening ports in the firewall might seem at first like an unnecessary security risk. However, there are so many ports (65535) that simply discovering which port might be open is difficult enough. In addition to the sheer number of ports, protections written into the operating system make it very difficult to gain unauthorized access to your network, even if those ports are open. Finally, only port 1720 is open to receive incoming requests. The range of six ports is open on your PC only during a call.
If “safe enough” isn’t secure enough for you, then setting your ViaVideo up in a DMZ is a safer option. For more information about DMZs, see the next section.
What’s a DMZ?
Most firewalls provide DMZ configuration as a way to allow high availability access for web servers and video communications servers (that’s your PC running ViaVideo) while providing firewall access for the other devices in the network. A DMZ is not a physical location, but is instead a way to configure your network so that the devices that are “in” the DMZ are served by the router, but are outside the protection of the firewall. Devices in the DMZ then communicate with the other devices in the internal network through the firewall.
This solution creates a “safe zone” within your internal network by effectively placing the video communications server outside of the firewall’s protection. In this way, no unauthorized connections are allowed within the
Setting up your ViaVideo’s computer in a DMZ is the quickest way to configure your ViaVideo to run while using a firewall. For more information about configuring your video communications server in a DMZ, see “Router With Firewall, Using a DMZ,” on page 68.
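A PC placed in the DMZ is outside the firewall's protection, so every service listening on it is exposed, not only port 1720. The following is an added example, not part of the ViaVideo guide: it parses Windows `netstat -an` output and lists TCP listeners other than port 1720 and, during a call, the six-port range. The sample output and the 50000-50005 range are constructed placeholders, because this page does not state the actual range.

```python
import re

CALL_SETUP_PORT = 1720  # the only port the guide says is always open inbound

# Placeholder for the six-port call range; this page does not give the real values.
PLACEHOLDER_CALL_PORTS = range(50000, 50006)

# TCP listener rows of Windows `netstat -an` (IPv4 or bracketed IPv6 local address).
# UDP rows have no LISTENING state and are not examined here.
LISTEN_ROW = re.compile(
    r"^[ \t]*TCP[ \t]+(\[[^\]]+\]|[\d.]+):(\d+)[ \t]+\S+[ \t]+LISTENING[ \t]*$",
    re.M,
)

def exposed_listeners(netstat_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for addr, port in LISTEN_ROW.findall(netstat_output):
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listeners are not reachable from the network
        ports.add(int(port))
    return ports

def unexpected_listeners(netstat_output, call_ports=(), in_call=False):
    """Return sorted listening ports beyond what the guide says should be open."""
    allowed = {CALL_SETUP_PORT}
    if in_call:
        allowed |= set(call_ports)  # the six ports are expected only during a call
    return sorted(exposed_listeners(netstat_output) - allowed)

# Constructed sample of `netstat -an` output on an idle PC (documentation addresses).
SAMPLE_IDLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1720           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49210       198.51.100.7:443       ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

if __name__ == "__main__":
    # Ports to close or filter before moving this PC into the DMZ.
    print(unexpected_listeners(SAMPLE_IDLE))
```

Ports reported by the idle check are services that the firewall currently shields and that a DMZ placement would expose.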
ViaVideo User’s Guide | 74 | www.polycom.com |