Protecting External Connectivity In OCS 2007

Last Friday on TechRepublic’s “10 Things” Blog, Brien Posey wrote about 10 Common Network Security Design Flaws.

The second flaw is “opening more firewall ports than necessary.” And what does he use as an example? OCS 2007 R2.

It’s a very good example. As he states, OCS requires several ports to be opened in order to provide external connections to other networks. Without proper protection, this is a risk to you. Ports left open (and not monitored) are little signposts saying, “Enter Here!”

(This only applies if you want to use external connections. If you’re only interested in OCS for internal IM and Presence, you won’t need to open those ports.)

Brien puts forth Microsoft ForeFront as a good solution to the problem. ForeFront’s Threat Management Gateway is a reverse proxy, intended to filter requests for access into and out of your network. At the risk of sounding too provider-loyal, it IS a natural fit. (If you use a hosted OCS provider, chances are ForeFront is already in place.)

In order to protect External Connectivity completely though, you’ll have to use the OCS Edge Server. There’s an advantage to this: depending on how you want to communicate with others, you can enable only what you need. Each of the External Connectivity services requires a corresponding service enabled on the OCS Edge Server. According to Microsoft’s TechNet, these are:

  • Access Edge service — Lets outside users communicate with your OCS using SIP.
  • Web Conferencing Edge service — Lets outside users participate in your conferences.
  • A/V Edge service — Lets you share audio and video with external users.

The TechNet page also gives links on how to administer these services:
Microsoft TechNet — Managing External Connectivity for Your Organization with Edge Servers

I blogged about this because it’s important to remember. Brien’s #1 network security flaw was the “set it and forget it” mentality. Doing that with OCS can leave a lot of exploitable holes in your network. All of them are preventable if you remember to protect External Connectivity.

Why Posts Have Been Slow: Using OCS During a Website Rework!

Yes, it’s true: posting has been slow on the OCS Insider. I have a reason why though! In fact, that reason is the subject of today’s post.

My company has been going full-speed-ahead on a new website version for the past few weeks. We’ve been planning it since March, and the timetable has now rolled right on top of us.

We’ve been using Telerik’s Sitefinity CMS platform to build our new website. It’s fantastic and a huge timesaver (Telerik’s our partner; we recommend it to all new website clients). But porting over 200+ pages into a whole new layout with new content, new SEO and new Web services takes a while.

Of course we’ve been using our OCS setup to communicate through all this. Without it, we wouldn’t be nearly this close to done.

OCS Has Come in Handy
HELPFUL INCIDENT #1 — Just yesterday, I emailed one of our programmers with a Telerik question. He called me (through OCS VoIP) right afterward to discuss my questions. He said, “It would be quicker for me to explain it this way.” And it was. He told me where to find the right code snippet in no time at all.

HELPFUL INCIDENT #2 — Last week our network connections went sideways for about half an hour. (Murphy’s Law. Had to be.) We couldn’t see each other’s Presence status, get email, log in, nothing.

Except we could still make VoIP calls.

I found this out by getting a call out of the blue. I blinked at it a couple of times before clicking. But lo and behold, it actually worked! I’m not quite sure how; apparently the VoIP connection wasn’t as affected as the rest of the network. The issue was fixed and we went about our business.

HELPFUL INCIDENT #3 — We had a meeting 3 weeks ago to gear up for the final stages. Our boss shared her desktop to show us where the new tools would be displayed in the new layout. Anyone who’s ever used VNC knows how fun it is to watch your screen highlight things on its own.

Add to these all the IM conversations, Presence reminders (“Working on Portfolio, don’t bug me”) etc., and OCS has played a huge role in getting us through this rework.

So Why Blog About It?
Merely as a real-world reminder of how handy OCS 2007 can be. Last year, before we began using it, I wouldn’t have even considered using IM in a business setting. I’d heard all the myths: “It’s not secure!” “People will waste all day chatting!” And since I use IM at home, I figured that’s where it belonged.

Nowadays, doing work without OCS’ tools would take too long for my scrambling work schedule.

Pretty soon we’ll have a brand-new website up at www.planetmagpie.com for everyone to enjoy (and make use of). OCS helped!

Is There a Reason to Use Instant Messaging in Business?

Ah ha! I knew it would happen. Sure enough, one of our prospective clients asked us “the” question.

“Instant Messaging? Like AIM and Yahoo? We lose tons of time to those. If this OCS system has IM in it, then we could lose even more productivity!”

(I’m paraphrasing. He was a bit more flustered.)

Danger, Personal Use, Danger!
There’s a lot of truth in his concern. Instant Messaging can be a distraction to workers. People get sucked into conversations (recall the infamous water cooler), time drains away, nothing gets done…

However, this is really an issue with how people interact, not with the technology they use.

The one technical concern everyone SHOULD worry about is users sending confidential information over IM. OCS has security in place to protect messages between its own users. But if an employee IMs a friend outside the company, someone could eavesdrop on that message.

So long as the “no confidential information” rule is respected, there’s really no reason OCS Instant Messaging can’t be another useful office communication tool.