Firewall Wizards mailing list archives

RE: Dialing out problem


From: "Thomas Crowe" <thomas.crowe () bellsouth net>
Date: Sun, 23 May 1999 15:26:29 -0400

I would set up a router with on-demand dialing.  Assuming that you already
have a TCP/IP infrastructure, the routing would be simple.  Then you could
firewall and ACL the link.  Any address complications could be handled with
IP NAT.

Thomas Crowe
Network Systems Administrator
BellSouth Online
770-270-4622

-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of Ellis Luk
Sent: Thursday, May 20, 1999 12:06 PM
To: firewall-wizards () nfr net
Subject: Dialing out problem


At my workplace, some staff need to use a modem to connect to a
subscription service and download information. Previously, these were
serial connections (using kermit ... etc), not network connections.
So the security risk is low.

But recently, in the name of Y2K compliance and e-commerce enablement,
they changed the application to use TCP/IP.
When we told them that we have a security concern because this
application effectively cross-connects our network with their server,
their reply was basically "well, trust me, and by the way,
you should take care of your own security."

I remember that a few years ago when I did some security analysis
work for a financial institution, they planned to offer a subscription
service to their customers. But their offer was using a VPN through
the Internet. However, as you can see, such an offer virtually
cross-connects 2 different clients together through the VPN product
(which did not provide any access control). Eventually, they
understood the implication and cancelled the offer (it was
changed to Web based.)
Now, I am at the receiving end. Obviously, my company should not
trust the information provider, but securing individual users'
workstations is difficult if not impossible. Using standalone PCs
may solve this security issue but it is not practical.

I wonder if other people have encountered similar situations, and how
they would handle it.

--
Ellis

