Veteran protocol lands new role as multimedia star
(IDG) -- Maybe you can teach an old dog new tricks. The 9-year-old SOCKS protocol - originally developed as a general-purpose proxy - is emerging as one of the best ways to secure multimedia applications across the Internet.
The latest version of SOCKS offers network managers an easier way to run videoconferencing and video and audio streaming through firewalls, which has been difficult and timeconsuming. SOCKS V5 does this by providing a single and powerful method of authenticating users and managing security policies for all Internet applications, including multimedia.
A growing number of products support SOCKS V5, including firewalls from Novell and Milkyway Networks; extranet-oriented virtual private networks (VPN) from Hewlett-Packard and Aventail; and real-time conferencing applications such as Lotus' Sametime. IBM is expected to announce support for SOCKS V5 in its firewall this week.
The role of SOCKS V5 in multimedia security will be discussed at the second annual SOCKS developer's conference this week in Santa Clara, Calif. About 150 developers and enterprise customers are expected to attend.
"These newer streaming protocols are very complex. Securing them is a real challenge," says Saqib Jang, director of marketing at NEC Systems. A leading proponent of SOCKS, NEC licenses its SOCKS V5 server software to Aventail, IBM, HP and others. "SOCKS V5 is really the first workable solution for multimedia across the Internet."
Without SOCKS V5, network managers are running into problems getting multimedia applications to work through their firewalls.
Just ask Ray Lincolnhol, a product specialist with Baan Indirect Channels in Grand Rapids, Mich. Lincolnhol's group uses Microsoft's NetMeeting to conduct videoconferences over the Internet with resellers and customers. However, Baan had to set up a server outside the firewall to host the videoconferences.
"We don't employ a great deal of security right now," Lincolnhol admits, adding that Baan doesn't share any sensitive or proprietary data over the videoconferences, just "generic product demonstrations."
Marketstar, an Ogden, Utah, marketing firm, also set up a server outside its firewall to handle videoconferences over the Internet with resellers. But with this workaround, the company can't use the chat, file transfer, whiteboarding or application-sharing features of its EnVision desktop conferencing system from Sorenson Vision.
"We can communicate with audio and video, but we can't collaborate," says Mark Slater, an account executive for Marketstar. He calls the problem "a big issue that needs to be resolved."
SOCKS V5 resolves that issue by providing user authentication for a host of Internet protocols including H.323 videoconferencing and RealAudio. SOCKS V5 is not only flexible in that it supports multiple protocols, but it's also powerful, giving network managers a great deal of control over traffic.
"What is driving all of the interest in SOCKS is the need to have a much higher degree of intelligence in firewall and border control products," NEC's Jang says. "SOCKS V5 lets you set who can go to the 'Net and use what application and what type of authentication they'll need."
Sorenson Vision, a multimedia vendor in Logan, Utah, received complaints from enterprise customers who wanted to conduct videoconferences over the Internet but ran into problems with their firewalls and network address translation (NAT) devices. So Sorenson Vision embarked on a year-long research project to find a way to secure EnVision traffic over the Internet. The company's engineers found two options: write a proprietary proxy server or use SOCKS V5.
"The best solution was SOCKS," says Mark Fallentine, a security architect with Sorenson Vision. "We can't have a solution for every NAT and firewall. We wanted a solution to work with all of them."
Still, SOCKS V5 is not a panacea for multimedia security. In addition to the SOCKS V5 server software, clients must have SOCKS V5 software installed, and applications must be "socksified." Getting SOCKS V5 to work with emerging Internet applications such as RealAudio isn't as simple as plug and play, developers say.
"Multimedia applications still carry enough proprietary stuff in them that we need to tweak the SOCKS V5 server to support them," says Frederic Martin, the product line manager for Novell's BorderManager firewall, which supports SOCKS V4 and V5.
"SOCKS isn't the right solution for every problem that exists with multimedia," says Marc Van Heyningen, Internet security architect for Aventail, an extranet vendor in Seattle. He says some observers predict that the IP Security standard will eventually replace SOCKS V5 for securing multimedia applications, but he sees a role for both protocols.
For now, SOCKS V5 is good enough for Wireless One, a Jackson, Miss., ISP that uses the SOCKS V5 feature of Novell's BorderManager to grant a handful of top executives the ability to receive RealAudio streams. "We can allow or deny access to just about any protocol or application by user or IP address," says John Cressman, network communications manager for Wireless One.
Meanwhile, HP uses the protocol to support audio streaming on its employee Web site. HP uses its own SOCKS V5-compliant Praesidium Extranet VPN to handle the traffic.
"We just open up one port in the firewall for streaming audio and data," says Narayan Makaram, a senior technical consultant with HP's Internet Security Division. "SOCKS is making that possible."
The great IP crunch of 2010
RELATED IDG.net STORIES:
How SOCKS fits
Welcome to SOCKS
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.