Firewall Wizards mailing list archives
RE: hitting the "on" switch
From: "Safier, Adam (GEIS)" <Adam.Safier () geis ge com>
Date: Fri, 19 Sep 1997 14:39:23 -0400
3 is a problem. Can you add a network access server (NAS) to be placed on a DMZ? Users dial in to that and authenticate at the firewall just like any internet user. Inet------FW----your net | NAS 2 might be OK if you know who/where you are tunneling to and why. You can tunnel IPX over a IP network which might be the only use of 2 and might be OK - if you trust the servers. Adam
-----Original Message----- From: Jim Leo [SMTP:ADMIN () everett pitt cc nc us] Sent: Thursday, September 18, 1997 12:50 PM To: firewall-wizards () nfr net Subject: Re: hitting the "on" switch On Sept. 29 , our Office of Information Technology and Services will be meeting with the vendor that will be installing our firewall. I am already more than a little leary (not Tim) of some of what I thought I heard. Our 'rule' will be inside-out=OK / outside-in=requires smartkey. I am concerned about the following issuses. 1. That we will have to touch each device for them to get to the outside world. Sounds like an IP address change to me. 2. Tunneling inside to outside. 3. Modems in machines behind firewall. Yes I know. But the requirement for Dial-in is there. 4. No IPX through the firewall. A requirement exists to access Novell servers on a separate network. I am concerned about the 'Honest' risks of 2 and 3 above. I would like opinions (direct to me NOT the list) about 1 and 4. Thank you for your consideration Jim Leo admin () everett pitt cc nc us
Current thread:
- Re: hitting the "on" switch Jim Leo (Sep 18)
- <Possible follow-ups>
- RE: hitting the "on" switch Safier, Adam (GEIS) (Sep 19)