Periodic use of a security scanner on your network will locate
non-conformists. Then, take your company's security policy and beat them
with it. If your security policy isn't very thick, place it in a heavy
3-ring binder before you start swinging =)
-----Original Message-----
From: Tom Rowan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 08:25
To: '[EMAIL PROTECTED]'
Cc: fw mailing list
Subject: RE: [FW1] modem internet access on the internal LAN
The difficult bit's coming... getting the users (especially techies..)
to hand back their modems and then watching them for buying some more....
;-)
-----Original Message-----
From: Karim Amrani [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 4:19 PM
To: Tom Rowan
Cc: fw mailing list
Subject: Re: [FW1] modem internet access on the internal LAN
Hi Tom,
I do understand the point...Armoring the front door and leaving the windows
open...
I'm going to isolate one PC that can dial out and try to snap the modems
from the others...
Thanks,
Karim AMRANI
Tom Rowan wrote:
> Hi,
>
> With the greatest of respect, the wrong thing that you're doing is
bypassing
> your firewall!!! Why spend all that money on huge, expensive titanium
> padlocks if you're going to leave them undone?!
>
> 1) Remove the modems.
> 2) Buy a standalone PC. Put a modem in it but NO network card.
> 3) Stick a skull and cross bones on it and never trust it again.
>
> Well okay, perhaps number 3 is a bit extreme, but you get my point? ;-)
>
> Tom
>
> -----Original Message-----
> From: Karim Amrani [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 2:25 PM
> To: fw mailing list
> Subject: [FW1] modem internet access on the internal LAN
>
> Hi everybody,
>
> Some users of the internal LAN of our firewall still use modems to
> connect to internet (used to check the visibility of our web sites from
> outside the firewall, mainly).
>
> On their PC, they have an Ethernet card and a ISDN card.
> As I saw some of IP addresses they got from the modem ISP in the IP
> database of the FW, it means that their PC is leaking its ISDN's IP on
> the ethernet LAN...
>
> Am I wrong somewhere ?
> May this be corrected by some configuration on the PC ?
>
> TIA,
> Karim AMRANI
>
> Allasso
> Theale House
> Brunel Road
> Theale, Reading
> RG7 4AQ
> +44 (0) 118 9711511
>
> [EMAIL PROTECTED]
> http://www.allasso.com
>
> DISCLAIMER
> Any opinions expressed in this email are those of the individual and not
necessarily the Company. This email and any files transmitted with it,
including replies and forwarded copies (which may contain alterations)
subsequently transmitted from the Company, are confidential and solely for
the use of the intended recipient. It may contain material protected by
attorney-client privilege. If you are not the intended recipient or the
person responsible for delivering to the intended recipient, be advised that
you have received this email in error and that any use is strictly
prohibited.
>
> If you have received this email in error please notify the IT manager by
telephone on +44 (0)118 9711511 or via email to
[EMAIL PROTECTED], including a copy of this message. Please then
delete this email and destroy any copies of it.
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
