September 28, 1999 Web posted at: 10:30 a.m. EDT (1430 GMT) by Carolyn Duffy Marsan

From...

(IDG) -- Maybe you can teach an old dog new tricks. The 9-year-old SOCKS protocol - originally developed as a general-purpose proxy - is emerging as one of the best ways to secure multimedia applications across the Internet.

The latest version of SOCKS offers network managers an easier way to run videoconferencing and video and audio streaming through firewalls, which has been difficult and timeconsuming. SOCKS V5 does this by providing a single and powerful method of authenticating users and managing security policies for all Internet applications, including multimedia.

A growing number of products support SOCKS V5, including firewalls from Novell and Milkyway Networks; extranet-oriented virtual private networks (VPN) from Hewlett-Packard and Aventail; and real-time conferencing applications such as Lotus' Sametime. IBM is expected to announce support for SOCKS V5 in its firewall this week.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Network World Fusion home page
Free Network World Fusion newsletters
Managing the flow of streaming media, 08/05/99
How SOCKS fits, 09/27/99
Reviews & in-depth info at IDG.net
		IDG.net's bridges & routers page
		IDG.net's hubs & switches page
		IDG.net's network operating systems page
		IDG.net's network management software page
Year 2000 World
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for network experts
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

The role of SOCKS V5 in multimedia security will be discussed at the second annual SOCKS developer's conference this week in Santa Clara, Calif. About 150 developers and enterprise customers are expected to attend.

"These newer streaming protocols are very complex. Securing them is a real challenge," says Saqib Jang, director of marketing at NEC Systems. A leading proponent of SOCKS, NEC licenses its SOCKS V5 server software to Aventail, IBM, HP and others. "SOCKS V5 is really the first workable solution for multimedia across the Internet."

Without SOCKS V5, network managers are running into problems getting multimedia applications to work through their firewalls.

Just ask Ray Lincolnhol, a product specialist with Baan Indirect Channels in Grand Rapids, Mich. Lincolnhol's group uses Microsoft's NetMeeting to conduct videoconferences over the Internet with resellers and customers. However, Baan had to set up a server outside the firewall to host the videoconferences.

"We don't employ a great deal of security right now," Lincolnhol admits, adding that Baan doesn't share any sensitive or proprietary data over the videoconferences, just "generic product demonstrations."

Marketstar, an Ogden, Utah, marketing firm, also set up a server outside its firewall to handle videoconferences over the Internet with resellers. But with this workaround, the company can't use the chat, file transfer, whiteboarding or application-sharing features of its EnVision desktop conferencing system from Sorenson Vision.

"We can communicate with audio and video, but we can't collaborate," says Mark Slater, an account executive for Marketstar. He calls the problem "a big issue that needs to be resolved."

SOCKS V5 resolves that issue by providing user authentication for a host of Internet protocols including H.323 videoconferencing and RealAudio. SOCKS V5 is not only flexible in that it supports multiple protocols, but it's also powerful, giving network managers a great deal of control over traffic.

"What is driving all of the interest in SOCKS is the need to have a much higher degree of intelligence in firewall and border control products," NEC's Jang says. "SOCKS V5 lets you set who can go to the 'Net and use what application and what type of authentication they'll need."

Sorenson Vision, a multimedia vendor in Logan, Utah, received complaints from enterprise customers who wanted to conduct videoconferences over the Internet but ran into problems with their firewalls and network address translation (NAT) devices. So Sorenson Vision embarked on a year-long research project to find a way to secure EnVision traffic over the Internet. The company's engineers found two options: write a proprietary proxy server or use SOCKS V5.

"The best solution was SOCKS," says Mark Fallentine, a security architect with Sorenson Vision. "We can't have a solution for every NAT and firewall. We wanted a solution to work with all of them."

Still, SOCKS V5 is not a panacea for multimedia security. In addition to the SOCKS V5 server software, clients must have SOCKS V5 software installed, and applications must be "socksified." Getting SOCKS V5 to work with emerging Internet applications such as RealAudio isn't as simple as plug and play, developers say.

"Multimedia applications still carry enough proprietary stuff in them that we need to tweak the SOCKS V5 server to support them," says Frederic Martin, the product line manager for Novell's BorderManager firewall, which supports SOCKS V4 and V5.

"SOCKS isn't the right solution for every problem that exists with multimedia," says Marc Van Heyningen, Internet security architect for Aventail, an extranet vendor in Seattle. He says some observers predict that the IP Security standard will eventually replace SOCKS V5 for securing multimedia applications, but he sees a role for both protocols.

For now, SOCKS V5 is good enough for Wireless One, a Jackson, Miss., ISP that uses the SOCKS V5 feature of Novell's BorderManager to grant a handful of top executives the ability to receive RealAudio streams. "We can allow or deny access to just about any protocol or application by user or IP address," says John Cressman, network communications manager for Wireless One.

Meanwhile, HP uses the protocol to support audio streaming on its employee Web site. HP uses its own SOCKS V5-compliant Praesidium Extranet VPN to handle the traffic.

"We just open up one port in the firewall for streaming audio and data," says Narayan Makaram, a senior technical consultant with HP's Internet Security Division. "SOCKS is making that possible."