> From: webberr @ pictel . com (Bob Webber)
> Subject: Re: Allowing FTP and TELNET through firewall.
>
> > From: cyerkes @ jpmorgan . com
> ...
> > Filtering routers can work, but can they authenticate using a
> > SecurID? Can they leave a detailed audit trail? Can they allow ftp
> > users to "get" but not "put"? Can they be easily audited by a Unix
> > SA? and for smaller companies are they cost efficient? I can take
> > a US$1300 IPC with an extra ethernet card or just a PPP connection
> > and have a firewall that I trust. Larger companies would probably
> > have routers ANYway, so it's an option.
>
> What your IPC can't do, at least under SunOS 4.x, is tell which interface
> a packet came in on. On a Cisco router (for e.g.) you can block
> "outside" net traffic that has an "inside" net source address. This
> means that a bad guy can't flange up a packet with an internal
> source address and fool your source-IP-based access control list.
Yes, your IPC can. Smallworks sells software that does this. Contact
<charisse @ smallworks . com>.
Jim
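
The interface check discussed in this thread, as an added example that is not part of the original messages and is not Cisco's or Smallworks' code: it compares a source-IP-only access list with the same list placed behind a filter that knows the arrival interface. The addresses, interface names and function names are assumptions, and the sample packets are constructed.

```python
import ipaddress
from typing import NamedTuple

# Constructed topology using documentation address ranges (an assumption).
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")
TRUSTED_SOURCES = [INSIDE_NET]  # the source-IP-based access control list


class Packet(NamedTuple):
    iface: str  # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str


def acl_permits(pkt: Packet) -> bool:
    """Source-IP-only ACL: it never sees the arrival interface."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in TRUSTED_SOURCES)


def ingress_filter_permits(pkt: Packet) -> bool:
    """Drop traffic from the outside interface that claims an inside source."""
    src = ipaddress.ip_address(pkt.src)
    return not (pkt.iface == "outside" and src in INSIDE_NET)


def filter_then_acl(pkt: Packet) -> bool:
    """Interface-aware filter first, then the unchanged source-IP ACL."""
    return ingress_filter_permits(pkt) and acl_permits(pkt)


def evaluate(packets):
    """Return (packet, ACL-only verdict, filter+ACL verdict) per packet."""
    return [(p, acl_permits(p), filter_then_acl(p)) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("inside", "192.0.2.10", "192.0.2.1"),     # genuine internal host
    Packet("outside", "192.0.2.10", "192.0.2.1"),    # internal source seen on outside
    Packet("outside", "198.51.100.7", "192.0.2.1"),  # external host, not trusted
]

if __name__ == "__main__":
    for pkt, acl_only, combined in evaluate(SAMPLE):
        print(f"{pkt.iface:8} {pkt.src:14} acl_only={acl_only} filter+acl={combined}")
```

The second sample packet is the case the thread is about: the ACL alone permits it, and only the check on the arrival interface rejects it.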