Firewall Wizards mailing list archives
RE: RE: Security of satellite links into an organisation
From: "Safier, Adam (GEIO)" <Adam.Safier () geio ge com>
Date: Fri, 26 Jan 2001 12:43:45 -0500
I'm not sure what the MS proxy function is, or do you mean the MS Proxy goes in the ISP? As I understand it the requests go out through the ISP proxy and all replies go back to it. The Proxy routes the traffic to the Satellite network which sends it directly to each of your remote locations. The Proxy is hiding your network from the world. I would make sure the Proxy will only do the following: - the proxy only accepts "established" connections (i.e. replies to web queries and no connections initiated from the internet to the Proxy itself). - that it is actually doing NAT on your behalf so your internal IP addresses are not directly accessible from the internet - that it has IP forwarding turned off. You still have all the usual risks of surfing like malicious code hidden in web pages and users downloading viruses. If you want to try centralized virus filtering and code checking you would need to get the ISP to provide it as a service at or in front of the Proxy. You are effectively outsourcing part of your security and should have appropriate security outsourcing agreements in place. Adam -----Original Message----- From: Wigg, Guy G [mailto:GWigg () mail sbic co za] Sent: Friday, January 26, 2001 2:11 AM Subject: [fw-wiz] RE: Security of satellite links into an organisation We have branches that are geographically wide spread. Since bandwidth is so expensive here we only have ISP links in one location. We don't want surfing stuff coming across our WAN links because of the expense and hence the satellite idea, the requests going across the WAN will be minimal. Guy -----Original Message----- From: Calabrese, Christopher [mailto:christopher_calabrese () merck com] Sent: Thursday, January 25, 2001 7:45 PM To: 'Wigg, Guy G' Subject: RE: [fw-wiz] Security of satellite links into an organisation Umm, why not just put this box outside your firewall? -----Original Message----- From: Wigg, Guy G [mailto:GWigg () mail sbic co za] Sent: Thursday, January 25, 2001 9:43 AM Subject: [fw-wiz] Security of satellite links into an organisation Hi all Bandwidth in South Africa is expensive and the response times are not at all that great. We have decided that a good solution for surfing the net is via satellite. One of the SA ISPs offer this service. This would be the basic set-up, they supply a proxy (MS proxy) that they propose sits on the organisation's backbone network. The http request exits the organisation via our landlines to a proxy at the respective ISP. On exiting we obviously control the connection via the firewall we have in place. The ISP then sends the return WebPages to the organisation via the satellite dish. My question is what is the security risk of this set-up? We now have an unprotected pipe coming into the network. Agreed the hacker wouldn't get any responses since the dish can only receive (the responses would blocked by the land FW infrastructure). What risk would we be putting ourselves at? Any feedback on this would be greatly appreciated. thanks Guy _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Security of satellite links into an organisation Wigg, Guy G (Jan 25)
- Re: Security of satellite links into an organisation Tom (Jan 26)
- Re: Security of satellite links into an organisation Chris Keladis (Jan 26)
- <Possible follow-ups>
- RE: Security of satellite links into an organisation Randy Garbrick (Jan 25)
- RE: Security of satellite links into an organisation LeGrow, Matt (Jan 25)
- Re: Security of satellite links into an organisation dharris (Jan 25)
- RE: Security of satellite links into an organisation Wigg, Guy G (Jan 26)
- RE: RE: Security of satellite links into an organisation Safier, Adam (GEIO) (Jan 26)
- Re: Security of satellite links into an organisation Tom (Jan 26)