all,
sorry for my amateurish spelling of the word 'trust'...
proof reading always helps..
also i don't mean to sound so exuberant. i probably should have given
him a much better reasoning as to why this can be an insecure procedure. i
used to, as a contractor, install network security
environments for USAF and the most difficult 'social engineering'
problem centered in allowing the brass to dial-in behind the
firewall, proxy, chokes and it came back to bite us..
as they say the only thing heavier than 'gold eagles' are
'little stars'
piranha...
>From: "HUNGRY PIRANHA" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: Re: Using terminal server to connect to overseas location
>Date: Tue, 13 Feb 2001 22:35:40 -0000
>
>DONT CONNECT TO YOUR FIREWALL!!!
>
>HAVE THE TERM SERVER DO IT AUTHENTICATION (pass radius or tacacs info to the
>firewall) AND THEN HAND THE CONNECTION TO THE FIREWALL AS IT IS THE TRUSTED
>HOST - NOT THE DISTANT END PC's.
>
>netsec rule 101...
>you can't rust anybody you don't know...
>do not allow dialin behind the firewall.
>
>pirahna..
>
>p.s....
>
>there will be varying degrees of disagreement. but my opinion is my own as the
>opinions you'll hear in retort are from those folks also.
>
>
>
>
>>From: Dennis Donohue <[EMAIL PROTECTED]>
>>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>>Subject: Using terminal server to connect to overseas location
>>Date: Fri, 9 Feb 2001 11:51:11 -0600
>>
>>
>>Hi everyone. Sorry for the amateurish question, but I'm not very familiar
>>with a situation that I am presently in.
>>
>>I have a remote office across the Atlantic that I need to connect to a
>>Terminal Server on my network. The PCs in the remote location are on a
>>separate NT network with (I assume?) a firewall. The question that I'm
>>posing is: In order to connect to my terminal server, what sort of settings
>>need be made on their firewall? (The network connecting to my network, will
>>only need a few clients to connect, thus I want to keep everyone else off of
>>my network.)
>>
>>Thank you in advance!
>>
>>Dennis M. Donohue
>>Network Administrator
>>Aquion Parters L.P.
>>(847) 758-5903 (phn)
>>(847) 437-5539 (fax)
>>
>>
>>-
>>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>>"unsubscribe firewalls" in the body of the message.]