Firewall Wizards mailing list archives

Re: shiva lanrover


From: hermit1 <hermits () mac com>
Date: Thu, 14 Sep 2000 12:16:07 -0700

Why not just put it outside the firewall and treat it as any other ISP connection? If I put it on a DMZ, either I need to dedicate a port to it or it gets access to other machines on that port without me knowing about it.

These boxes can be reached via their ethernet connection and reconfigured, but if there are no restrictions (except proper user ID), what good would it do for a cracker to reconfigure it? I suppose it could be reset to dial out and used to obscure the true origin of some connection elsewhere. I don't see any risk in putting it outside the firewall under the no restriction rules, though.

hermit1

At 10:46 AM 9/14/00 -0400, Patrick Darden wrote:

Howdy!

We have two of the big ones (dual PRIs with digital modems), and are very
happy with them.  Granted, it took a long time to get them to the point
where they were functional and reliable, but that is more a matter of who
we purchased them from (we spent beaucoup bucks so they would install and
configure and integrate them properly.)

We especially like the dial out ISDN capability this gives everyone on our
network (anyone with the proper privs).

I recommend you put them in your DMZ, because even though there are no
security issues peculiar to them they are an ingress/egress avenue and
should be strictly controlled.


--
--
--Patrick Darden                Internetworking Manager
--                              706.354.3312    darden () armc org
--                              Athens Regional Medical Center


On Wed, 13 Sep 2000, hermit1 wrote:

> Someone at my company wants to install a Shiva LanRover box (8 ports, no
> waiting) for dial-up access either behind the firewall or on a DMZ.  I
> think this is a 'fine idea', but I want to put it outside the
> firewall.  For some reason they don't want to go the ISP route.
>
> I searched various places and found only one description of a security
> problem - by default there is a root account on the box without a
> password.  Does anyone know of any other problems with this gadget?
>
> Thanks,
> hermit1
>


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

