I'm not really sure putting you in front of his firewall will have the
desired effect he's looking for - which I assume is to make the office
network secure - since you're going to have to connect to office resources
on the LAN, and that means he's going to have to treat your Win98 box as a
trusted host as opposed to any other machine on the Internet. This means
transitive trust issues, such as your host (can WinBoxen truly be called
hosts...? :-) being compromised and used as a launch point for attacks on
the internal network. Add to the fact that Windows 95/98 machines
traditionally are not recognized as having adequate network security
measures.
I would recommend an examination of the business justification for letting
ICQ and RA into the network (or even into your system), and if it is deemed
suitable corporate policy (offhand, I can't see any reason why), what can be
done to securely implement this. The problem your netadmin faces is that if
he lets you have ICQ/RA to your desktop, pretty soon everybody will want
ICQ/RA to their desktop. There have been some posts floating around lately
on this mailing list about the possible dangers of ICQ/RA specifically which
you may want to look up. But again, if this is deemed to be acceptable
traffic into the intranet, you may want to look at application proxies (I
know RA has one specifically for many firewalls) or circuit-level proxies
(ICQ reputably works over SOCKS5) or VPN technology (for ICQ/RA between
trusted sites if you're doing memoing/video-conferencing).
Hope this helps.
--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]
-----Original Message-----
From: Paul Koch <[EMAIL PROTECTED]>
To: 'Firewalls <[EMAIL PROTECTED]>
Date: Tuesday, December 28, 1999 8:47 AM
Subject: local firewall
>Hi,
>
>The administrator of the network at my office can't grant my wishes to use
>icq, realaudio etc because this whould weaken his firewall.
>He would put me IN FRONT of the firewall so that I have to maintain my own
>security on my system.
>
>I have a Windows98 system.
>
>What (free) software should I use to to create a "local" firewall on my
>computer so that my system is secure (as good as possible), and I'll be
able
>to use icq, realaudio and my web-cam.
>
>Thanks,
>
>Paul Koch
>[EMAIL PROTECTED]
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
