Ewww.
Cisco also have a little utility called "Cisco DialOut" that lets windows
users attach a modem on a Cisco Access Server to a virtual COM port. This is
equivalent to having a modem attached to the computer for outgoing calls.
I've played with it some, seems pretty easy to set up and fairly stable.
Just pick a vendor for your RAS box, and make sure they have such a widget.
Incoming modem calls, especially to PCAnywhere etc, are a breach of
security. If they refuse to rule it out, then advise them not to bother
spending all that money on a firewall, as they may as well just hang their
virtual asses out of the window with their virtual pants around their
(virtual) ankles.
I'm sure there's someone on here with enough expertise to give you some sort
of analog call "proxy", but to do anything sensible with it (I think) you'd
have to convert it to digital, examine it, and convert it back to analog to
pass it to the modem on the other end. This Would Suck (tm). I'm no analog
telephony authority however...
I would: ask the users why the hell they think they would need PCAnywhere,
and find solutions that allow them those services in a controllable manner.
Ideally they wouldn't be able to give me any valid reason why they would
need to actually remote control their box that I couldn't find a different
solution for. In this case I'd just implement suitable network services that
I could secure. What do they want? Access to files? Run programs? Can do
this off a server....
If that fails, most of the remote control software will work via TCP/IP as
well as directly connected modem. I'd get them to dial into a remote access
server (Cisco, Shiva, Linux box, NT box etc) and use their client that way -
then at least I could apply _some_ control.
IGood Luck...
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
-----Original Message-----
From: jen [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, May 13, 1999 11:09 AM
To: [EMAIL PROTECTED]
Subject: Securing analog phone lines (!)
One of the problems we're dealing with is lots of users want analog
phone lines at their desks. You can imagine the problems this
causes. We
need to either provide an alternative to giving them modems at their
desks. The problem with outgoing calls is easier to manage than
incoming calls, but I wouldn't mind advice with both.
Here are some questions:
1. What products are there that will support outgoing calls? We have
a
Windows environment. WINport from LANSource is one product, and
Shiva
is another, but we don't know of much else.
2. What products are there that will support incoming calls? This is
the
harder one, of course. I'm not sure it's technically feasible to
support
incoming calls.
3. Is there a proxy for pcANYWHERE, Timbuktu, and other remote
control
applications so that we can make sure that no one is leaving their
computer without a password? It would be good if we could make sure
the
passwords are secure, too.
4. Is there any firewall product that can respond to events? For
example, if a pcANYWHERE connection came in, it would be nice to
setup
different policies for the host computer to access the network.
Another
event that would be nice to be able to respond to is time (for
example,
allow pcANYWHERE access only during business hours, or allow access
to
blocked sites only during off-hours).
5. Any general ideas about security and analog phone lines? I
realize
that the most secure method is to just not allow them at all. This
isn't
going to fly, though.
Thanks!
Jen
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
