----- Original Message ----- From: "Adrian Close" <[EMAIL PROTECTED]>
> On Mon, 25 Mar 2002, Robinson, Eric R. wrote: > > > Is there a good rule of thumb for situating the RAS server? It seems to me > > that the following would be true: > > > > 3. Outside: Bad from all perspectives. > > I don't think this is bad at all. I look at RAS boxes as providing access > to the Internet, just like any other modem dial-in/ISDN/DSL/whatever at > large and don't accord those dial-up ports any special priviledges. > > That way, if someone does manage to score a login on the RAS box (which I > think is quite likely, given the security profile of staff generally and > where they write their passwords down), all they have is Internet access. > This might cost you a little money in traffic, but has no real bad > security juju. And besides, you keep an eye on your RAS and audit those > logs, right? Um, call me confused, but most of the RAS boxes I work with are used to provide access to the internal network from outside. Why would one use a RAS box to provide intranet users access to the Internet? (I've always figured that "Remote Access" was a clue as to what RAS does.) Laura _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
