Remove the modem, insert a modem pool device that uses one of the
standard Authentication and Authorization Protocols (RADIUS, TACACS,
TACACS+), then you will have some logging and some granular control of
what the user can do using a modem.
The second action to take is to go to your telecomm guy and restrict the
lines, so that they can only dial out and a would-be intruder will not be
able to dial them back or dial into that modem, just in case some user
flips the modem into auto-answer mode.
The reason the below logic does not work is that if a user is used to
doing things one way for a very long time, all changes to any organization's
security architecture should be transparent to the user. In some cases,
this cannot be done, but in most cases, a user doesn't even know they are
communicating to the Internet via a firewall, or that his/her email is
being scrubbed by some sort of virus/content scanner.
The more noticeable the security architecture the greater the possibility
a user may attempt to avoid any of the security mechanisms that they know
about.
/mark
Tom Rowan <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/08/00 07:22 AM
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, fw mailing list
<[EMAIL PROTECTED]>
cc:
Subject: RE: [FW1] modem internet access on the internal LAN
Hi,
With the greatest of respect, the wrong thing that you're doing is
bypassing your firewall!!! Why spend all that money on huge, expensive
titanium padlocks if you're going to leave them undone?!
1) Remove the modems.
2) Buy a standalone PC. Put a modem in it but NO network card.
3) Stick a skull and crossbones on it and never trust it again.
Well okay, perhaps number 3 is a bit extreme, but you get my point? ;-)
Tom
-----Original Message-----
From: Karim Amrani [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 2:25 PM
To: fw mailing list
Subject: [FW1] modem internet access on the internal LAN
Hi everybody,
Some users of the internal LAN of our firewall still use modems to
connect to the Internet (used to check the visibility of our web sites from
outside the firewall, mainly).
On their PC, they have an Ethernet card and an ISDN card.
As I saw some of the IP addresses they got from the modem ISP in the IP
database of the FW, it means that their PC is leaking its ISDN IP on
the Ethernet LAN...
Am I wrong somewhere?
May this be corrected by some configuration on the PC?
TIA,
Karim AMRANI
Allasso
Theale House
Brunel Road
Theale, Reading
RG7 4AQ
+44 (0) 118 9711511
[EMAIL PROTECTED]
http://www.allasso.com
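One way to automate the check behind the observation above, as an added example that is not from the thread or any poster: flag firewall log records that arrived on the internal interface but carry a source address outside the site's own address plan, which is exactly what a dual-homed PC forwarding its dial-up address onto the LAN would produce. The log line format, the interface name `eth-internal` and the use of RFC 1918 space as the internal plan are assumptions; the sample log is constructed.

```python
"""Spot internal-LAN hosts presenting a non-internal source address.

Constructed example (not from the thread): each log line records the
firewall interface a packet arrived on and its source address.  Any packet
seen on the internal interface whose source lies outside the site's own
address plan is suspect: a dual-homed PC is leaking its dial-up address.
"""
import ipaddress
import re

# Assumption: the internal LAN uses RFC 1918 space; adjust to the real plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed (constructed) log format: "<time> if=<iface> src=<ip> dst=<ip> proto=<p>"
LINE_RE = re.compile(r"if=(?P<iface>\S+)\s+src=(?P<src>\S+)")

# Constructed sample log; 198.51.100.77 is a documentation-range "ISP" address.
SAMPLE_LOG = """\
08:01:02 if=eth-internal src=10.1.2.3 dst=203.0.113.10 proto=tcp
08:01:05 if=eth-internal src=198.51.100.77 dst=10.1.2.9 proto=tcp
08:01:09 if=eth-external src=198.51.100.77 dst=203.0.113.10 proto=tcp
08:01:11 if=eth-internal src=192.168.5.20 dst=203.0.113.10 proto=udp
08:01:14 if=eth-internal src=not-an-ip dst=10.1.2.9 proto=tcp
"""


def is_internal(addr):
    """True if addr falls inside one of the site's internal networks."""
    return any(addr in net for net in INTERNAL_NETS)


def find_leaked_sources(log_text, internal_iface="eth-internal"):
    """Return sorted source addresses seen on internal_iface that are not internal."""
    leaked = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("iface") != internal_iface:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address field; skip rather than crash
        if not is_internal(src):
            leaked.add(str(src))
    return sorted(leaked)


if __name__ == "__main__":
    for src in find_leaked_sources(SAMPLE_LOG):
        print(f"internal interface saw non-internal source {src}")
```

Feeding the real firewall log through this, with the regex adjusted to its format, turns the manual look in the FW's IP database into a repeatable check.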
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================