It's a matter of how much you -=personally=- trust LAN B, and how much you
are allowed to mistrust LAN B by your employer.  After all, we are all
aware the weakest point in either LAN becomes the weakest point in the
whole setup.  In other words, LAN A's "more stringent" policy becomes
reduced to LAN B's policy.  It sounds like this is and has already been
the case without this new application and server.  Of course, the best way
to examine the request would be from the "critical business requirement"
point of the argument.  What is needed to be accomplished, and how might
it be done in a safer manner?  Of course the ability to have upper mgt's
push for secure solutions sure helps, though I seldom see cases where
'production' concerns and wishes are outweighed by security when it comes
to the bottom $.

Thanks,

Ron DuFresne

On Wed, 11 Apr 2001, Brian Steele wrote:

> Not really a firewall issue - more of a security issue, but as there are a
> few security experts on the list..:-)
> 
> Situation: Company consisting of two independently operating business units,
> let's say A and B.  The operations of each unit are governed by its own
> internal security procedures, A's being more stringent than B's. The two
> business units are connected via a WAN.
> 
> B wants to install a software package in A's LAN to meet a "critical business
> requirement".  However:
> 
>     1. pcAnywhere has to be installed on the server running the
>         package to allow staff from B to remote control the
>         server (a Windows NT4 box, btw) when it's installed on
>         A's LAN.
> 
>     2. The software on the server will be interfacing with a critical
>          system on A's LAN. And also with Internet users (via a
>          firewall - port 80 only).
> 
>     3. The software requires that the Administrator account be
>         left logged on on the server's console.
> 
>     4. The password for remote access via pcAnywhere (and
>         thus the Administrator password) will be known to several
>         persons in B.
> 
> Now, if you were the sysadmin for A's LAN, would you consider this
> arrangement secure enough for internal business use?  If not, are there any
> steps that you'd take to minimize the risk to your LAN? Or would you be
> raising the strongest protests to ensure such a system is not deployed on
> your LAN because of the security threat that it poses?
> 
> Regards,
> Brian
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
