Firewall Wizards mailing list archives
Re: shiva lanrover
From: hermit1 <hermits () mac com>
Date: Thu, 14 Sep 2000 12:16:07 -0700
Why not just put it outside the firewall and treat it as any other ISP connection? If I put it on a DMZ, either I need to dedicate a port to it or it gets access to other machines on that port without me knowing about it.
These boxes can be reached via their ethernet connection and reconfigured, but if there are no restrictions (except proper user ID), what good would it do for a cracker to reconfigure it? I suppose it could be reset to dial out and used to obscure the true origin of some connection elsewhere. I don't see any risk in putting it outside the firewall under the no restriction rules, though.
hermit1 At 10:46 AM 9/14/00 -0400, Patrick Darden wrote:
Howdy! We have two of the big ones (dual PRIs with digital modems), and are very happy with them. Granted, it took a long time to get them to the point where they were functional and reliable, but that is more a matter of who we purchased them from (we spent beaucoup bucks so they would install and configure and integrate them properly.) We especially like the dial out ISDN capability this gives everyone on our network (anyone with the proper privs). I recommend you put them in your DMZ, because even though there are no security issues peculiar to them they are an ingress/egress avenue and should be strictly controlled. -- -- --Patrick Darden Internetworking Manager -- 706.354.3312 darden () armc org -- Athens Regional Medical Center On Wed, 13 Sep 2000, hermit1 wrote: > Someone at my company wants to intall a Shiva LanRover box (8 ports, no > waiting) for dial-up access either behind the firewall or on a DMZ. I > think this is a 'fine idea', but I want to put it outside the > firewall. For some reason they don't want to go the ISP route. > > I searched various places and found only one description of a security > problem - by default there is a root account on the box without a > password. Does anyone know of any other problems with this gadget? > > Thanks, > hermit1 >
_______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: shiva lanrover Sigler, Karl (Sep 16)
- <Possible follow-ups>
- RE: shiva lanrover Ewing, Timothy K. (Sep 16)
- Re: shiva lanrover Patrick Darden (Sep 16)
- Re: shiva lanrover hermit1 (Sep 16)
- Re: shiva lanrover Patrick Darden (Sep 16)
- Message not available
- Re: shiva lanrover miko (Sep 18)
- Re: shiva lanrover hermit1 (Sep 16)