NFR Wizards Archive: RE: hitting the "on" switch


GEIS (Adam.Safiergeis.ge.com)
Fri, 19 Sep 1997 14:39:23 -0400


3 is a problem. Can you add a network access server (NAS) to be placed
on a DMZ? Users dial in to that and authenticate at the firewall just
like any internet user.

   Inet------FW----your net
               |
            NAS

2 might be OK if you know who/where you are tunneling to and why. You
can tunnel IPX over an IP network which might be the only use of 2 and
might be OK - if you trust the servers.

Adam

> -----Original Message-----
> From: Jim Leo [SMTP:ADMINeverett.pitt.cc.nc.us]
> Sent: Thursday, September 18, 1997 12:50 PM
> To: firewall-wizardsnfr.net
> Subject: Re: hitting the "on" switch
>
> On Sept. 29, our Office of Information Technology and Services will
> be meeting with the vendor that will be installing our firewall. I am
> already more than a little leary (not Tim) of some of what I thought
> I heard. Our 'rule' will be inside-out=OK / outside-in=requires
> smartkey. I am concerned about the following issues.
> 1. That we will have to touch each device for them to get to the
> outside world. Sounds like an IP address change to me.
> 2. Tunneling inside to outside.
> 3. Modems in machines behind firewall. Yes I know. But the
> requirement for Dial-in is there.
> 4. No IPX through the firewall. A requirement exists to access
> Novell servers on a separate network.
>
> I am concerned about the 'Honest' risks of 2 and 3 above. I would
> like opinions (direct to me NOT the list) about 1 and 4.
>
> Thank you for your consideration
> Jim Leo
> admineverett.pitt.cc.nc.us
>



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT