Firewall Wizards mailing list archives
RE: Dialing out problem
From: "Thomas Crowe" <thomas.crowe () bellsouth net>
Date: Sun, 23 May 1999 15:26:29 -0400
I would set up a router with on-demand dialing. Assuming that you already have a TCP/IP infrastructure, the routing would be simple. Then you could firewall and ACL the link. Any address complications could be handled with IP NAT.

Thomas Crowe
Network Systems Administrator
BellSouth Online
770-270-4622
-----Original Message-----
From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net] On Behalf Of Ellis Luk
Sent: Thursday, May 20, 1999 12:06 PM
To: firewall-wizards () nfr net
Subject: Dialing out problem

At my workplace, some staff need to use a modem to connect to a subscription service and download information. Previously, these were serial connections (using kermit ... etc), not network connections. So the security risk was low. But recently, in the name of Y2K compliance and e-commerce enabled, they changed the application to use TCP/IP. When we told them that we have a security concern because this application effectively cross-connects our network with their server, their reply was basically "well, trust me, and by the way, you should take care of your own security."

I remember that a few years ago, when I did some security analysis work for a financial institution, they planned to offer a subscription service to their customers. But their offer was using VPN through the Internet. However, as you can see, such an offer virtually cross-connects 2 different clients together through the VPN product (which did not provide any access control). Eventually, they understood the implication and cancelled the offer (it was changed to Web based.)

Now, I am at the receiving end. Obviously, my company should not trust the information provider, but securing individual users' workstations is difficult if not impossible. Using standalone PCs may solve this security issue but it is not practical.

I wonder if other people have encountered similar situations, and how they would handle it.

-- Ellis