Firewall Wizards mailing list archives
RE: shiva lanrover
From: "Ewing, Timothy K." <Timothy.Ewing () celera com>
Date: Thu, 14 Sep 2000 14:24:22 -0400
Someone at my company wants to install a Shiva LanRover box (8 ports, no waiting) for dial-up access either behind the firewall or on a DMZ. I think this is a 'fine idea', but I want to put it outside the firewall. For some reason they don't want to go the ISP route.
I have worked for companies on both sides of the ISP issue. If it were me, I would not only find out why the resistance to the ISP route but would push for that solution. After all, do you really want to get into the whole ISP/modem bank set of problems? I prefer the solution of users dialing into their own ISP, either on their own or company sanctioned, and then using tunnel software which provides strong encryption. This avoids the whole issue of what type of problems may or may not exist with the Shiva as well as avoiding a whole range of support issues and having modems on your network.

One solution that I'm familiar with is having client software talk to a tunnel server on your network. The client keys (tunnel keys) are created and are unique for each user. Since the keys are created on the server and require the user to enter a password to unlock them upon each connection, this follows a model of what they have and what they know.

- Timothy K. Ewing
Celera Genomics
Network Security Engineer

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards