Firewall Wizards mailing list archives

RE: Disabling NIC when modem is connected


From: "Quigley, Kenneth J" <Quigley.Kenneth.J () broadband att com>
Date: Wed, 20 Feb 2002 08:14:19 -0700

There is a device sold by Black Box called a LAN Safe firewall; the part
number should be MC170A.  It disconnects the LAN when the modem is active.
I have one that I am in the process of testing, but it looks good so far.

Kenneth J. Quigley
Manager of Internal Network Security
AT&T Broadband
Digital Media Centers
Office: (303) 267-9807
Pager: (303) 851-4560
Email:  Quigley.Kenneth.J () broadband att com





-----Original Message-----
From: Earle Orenstein [mailto:eorenstein () groupwise swin edu au]
Sent: Wednesday, February 20, 2002 5:14 AM
To: firewall-wizards () nfr com
Subject: RE: [fw-wiz] Disabling NIC when modem is connected


Hi Guys,
2 cents worth (and $AUS is only worth half of US$, so please discount this
even more)

If using Windows, and connecting to a DHCP server on the NIC, a batch file
that did an ipconfig -release_all before performing the connection may well
do the trick.

What worried me when I first read this was that the original post wished to
bypass his organisation's firewall.

Just ask the firewall admins to punch a hole through for your specific
service.  But going around the firewall with a modem is deadly.

cheers
Earle Orenstein


"Loomis, Rip" <GILBERT.R.LOOMIS () saic com> 02/20/02 14:34 PM >>>
Fabio--

> Is there a way to disable the NIC of a Windows based machine
> when the modem is connected to the Internet?
Not using any readily-available solution of which I'm aware.
It should be possible to do this with purpose-written code--one
would need to insert a shim into the NIC driver and the modem
driver, and only allow one at a time to be in use.

I know that there was discussion about 8-10 months ago of
a VPN client software installation that could force certain
requirements to be obeyed on the client PC before allowing
connection to the VPN gateway/server piece.  I don't recall
what software was discussed, what the venue for discussion
was, or whether the software ever got beyond the vaporware
stage--so I don't know if that's much help.  (If anyone *does*
come up with software that does this and is stable, please
advise.)

Note also that unless such a software installation is running
on WinNT/W2K/XP and the user has only a non-privileged account,
it's unlikely to be able to accomplish much.  Anyone with
console access to Win9x/WinME/XPHome can bypass such a set of
shims trivially.  Inbound connections to our corporate network
are required on paper to obey the same rules--one can connect
either to the corporate network *or* to an internal/customer
network, but not both.  (Some items such as internal e-mail and
timecharging software are available through web interfaces and
constitute specific exceptions--this is more about access to
internal file servers, SAP, etc.)  However, the enforcement of
these rules is more through awareness and AUP agreements than through
technological means--for just such reasons.

> I think that a machine connected to the Internet via modem and
> plugged into the internal LAN can be a security risk, while it
> is bypassing the firewall.
And similarly, an external machine connected to the Internet and
also (through a dial-in or VPN connection) to an internal network
can be a problem.  However, for the specific issue you raise
above, the typical fix is to not allow internal users to add
modems to their systems.  Again, this is more of a policy
and awareness enforcement item, but we've also used wardialing
in the past as one tool to help clients verify that internal
users are complying.

In other words, your concerns are valid and I don't have an
immediate and painless solution.  Perhaps someone else does.
Hope this helps--

--
Rip Loomis
Senior Systems Security Engineer, SAIC CIST
Brainbench MVP for Internet Security
http://www.brainbench.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
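The mechanism the thread circles around (Earle's "release the LAN address before dialling" batch file, Rip's "only allow one at a time" shim, and the Black Box device doing it in hardware) can be approximated in software on a current Windows host. The script below is an added example written for this archive page; it is not code from any poster or from the Black Box product. It assumes the wired adapter is named "Ethernet" (override with -LanAdapter), that dial-up and VPN links are RAS entries so that `rasdial.exe` with no arguments reports them, and that it runs elevated (scheduled task or service) while the interactive user is not a local administrator.

```powershell
<#
  Added example (not from the thread): enforce "LAN *or* modem, never both".
  While any RAS (dial-up/VPN) entry is connected, the wired adapter is
  disabled; when the last RAS entry drops, the adapter is re-enabled.

  Assumptions, all mine:
    - the wired adapter is named "Ethernet" (override with -LanAdapter);
    - `rasdial.exe` with no arguments prints either "No connections" or
      "Connected to" followed by one entry name per line, then
      "Command completed successfully.";
    - the script runs elevated, and the interactive user is NOT a local
      administrator. An administrator can re-enable the adapter or kill the
      script, which is exactly the limitation Rip points out.
#>
param(
    [string]$LanAdapter  = 'Ethernet',   # assumed adapter name
    [int]   $PollSeconds = 5
)

function Get-ActiveRasConnections {
    # Parse `rasdial` status output into the list of connected entry names.
    $lines   = & rasdial.exe 2>$null
    $names   = @()
    $collect = $false
    foreach ($line in $lines) {
        if ($line -match '^Connected to')      { $collect = $true; continue }
        if ($line -match '^Command completed') { break }
        if ($collect -and $line.Trim().Length -gt 0) { $names += $line.Trim() }
    }
    $names
}

function Write-Log([string]$Message) {
    Write-Output ('{0} {1}' -f (Get-Date -Format 's'), $Message)
}

$weDisabledIt = $false   # only re-enable an adapter this script disabled

while ($true) {
    $ras = @(Get-ActiveRasConnections)
    $nic = Get-NetAdapter -Name $LanAdapter -ErrorAction Stop

    if ($ras.Count -gt 0 -and $nic.Status -ne 'Disabled') {
        # Modem/VPN is up and the LAN is live: the dual-homed state the
        # thread warns about. Cut the LAN side, as the hardware device does.
        Disable-NetAdapter -Name $LanAdapter -Confirm:$false
        $weDisabledIt = $true
        Write-Log ('RAS active ({0}); disabled {1}' -f ($ras -join ', '), $LanAdapter)
    }
    elseif ($ras.Count -eq 0 -and $weDisabledIt) {
        # Last RAS link is gone; give the LAN back. An adapter an admin
        # disabled on purpose is left alone because $weDisabledIt is false.
        Enable-NetAdapter -Name $LanAdapter -Confirm:$false
        $weDisabledIt = $false
        Write-Log ('no RAS connection; re-enabled {0}' -f $LanAdapter)
    }

    Start-Sleep -Seconds $PollSeconds
}
```

Run it from an elevated context, for example as a scheduled task started at boot with `powershell -ExecutionPolicy Bypass -File Enforce-SingleLink.ps1 -LanAdapter 'Ethernet'` (the file name is hypothetical). Two caveats a practitioner should keep in mind, both consistent with what Rip says: there is a window of up to $PollSeconds during which the host is dual-homed, and a modem driven directly over a COM port by a terminal program never appears in `rasdial` output at all, so this only covers links that go through RAS. Like Earle's `ipconfig` idea it is a convenience control, not a substitute for the policy of not allowing modems on LAN-attached machines.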


