Deepsixing the term server is actually a pretty good idea, and may have a good
chance of flying if you pitch a good VPN product as its replacement. Then
your users can access your company network at Cable or DSL speed, more or
less. And you close a loophole that has existed before anyone at your company
even heard of DSL or Cable modems. How do you know that one of your users
wasn't already dialed up to their ISP on one modem, while dialed into your
term server on a second modem?
The VPN can also be used when a user dials directly into your modem pool, and
can provide some measure of improvement in security over simple PPP, depending
on how strong the VPN is at authenticating and encrypting traffic.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Walt Sullivan
> Sent: Friday, July 02, 1999 11:40 AM
> To: [EMAIL PROTECTED]
> Subject: DSL/CableModem + dial-up = ???
>
>
> If a user has a PC at home that's permanently connected to the 'net
> via ADSL, DSL or a cable modem, and uses his old serial port modem to
> dial up a terminal (PPP) server inside our firewall protected network,
> then our network security depends on the inability of his home PC to
> route packets (or to be subverted so that it routes packets).
>
> Are there any products out there that run on users home PCs (Windows
> 95/98, Macintosh, Linux, ???) that will disable the network interface
> card while the serial port modem is in use?
>
> Does anyone have any suggestions on how I can address this seeming
> vulnerability? Deep sixing the terminal server is a good idea, but
> probably won't fly.
>
> Thanks,
>
> Walt
> Walt Sullivan
> Internet Security Consultant
> Heritage Canada, Hull, Quebec, Canada
> Voice: (819) 997-0749
> FAX: (819) 994-1599
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
