Firewalls Digest Monday, 23 May 1994 Volume 03 : Number 157
In this issue:
Re: Off the subject a bit - but I need some help...
kerberized telnet
Network Sniffer
See the end of the digest for information on subscribing to the Firewalls
or Firewalls-Digest mailing lists and on how to retrieve back issues.
----------------------------------------------------------------------
From: pauld@pyramid.com (Paul Daw)
Date: Sun, 22 May 94 13:17:09 PDT
Subject: Re: Off the subject a bit - but I need some help...
>From: sdeb@callisto.eci-esyst.com (Steve Eason)
>Date: Fri, 20 May 94 17:48:02 EDT
>Subject: Off the subject a bit - but I need some help...
>
>I have a need for some input that is somewhat related to firewalls. It
>has to do with E-mail itself.
>
>There are some individuals within our company that contend that the
>probability of a security breach from the Internet is proportional to
>the number of users that have access to Internet via E-mail. While they
>have mgmt's ear, they do not have any technical data to support their
>charges. I need some practical input to refute this.
>
>Does any company out there limit the number of users that have access
>to Internet E-mail for security reasons? If yes, then what exactly are
>these security issues and how are they related to the number of users
>that can send or receive E-mail? Are these problems rectified by a
>properly set up firewall, mail relayer and/or packet filtering router?
First, what do these people mean by "security breach"? Most of us on
the firewalls mailing list are concerned with unauthorized intrusion
into our networks and machines via the Internet. In this regard, Email
(and I'm talking the *content* of messages sent out over the Internet)
has little bearing, assuming that the messages sent don't tell the
world about a vulnerability on your firewall. History shows that the
message transport agent that is used to receive and deliver Email is
more of a concern than the content of the messages themselves.
Second, limiting electronic mail access to the Internet for *some* people
would be a difficult exercise. You could segregate those people by
the machine that they work on, and even then, I could probably spoof a
hapless sendmail daemon somewhere, and get my mail out anyway.
In many cases, management *is* concerned that employees will divulge
sensitive or proprietary information via email. They feel the same way
about someone using anonymous FTP to put sensitive information in the
hands of the enemy as well. This is a valid concern, but it is
somewhat myopic. Information leaks have been around a lot longer than
email or ftp. This is an issue of ethics, not technology.
If anyone at Pyramid insists that the Internet connection makes it
too easy for someone to steal code from Pyramid, I just reach for the
nearest 8mm tape, drop it into my briefcase, and smile! :-)
pauld@pyramid.com
------------------------------
From: hobbit@bronze.lcs.mit.edu (*Hobbit*)
Date: Sun, 22 May 94 23:34:18 EDT
Subject: kerberized telnet
I've used the FTP product [I used to work there]. It works, but you need to
build the kerberized telnetd for the server side of any machine you want
"protected" AND have a kerberos server available to serve both ends. It's a
biggish and expensive project. It took forever to even get a testing
environment for it working right.
Your time would probably be better spent playing with s/key.
_H*
------------------------------
From: girish@scopus.com (Girish Pradhan)
Date: Sun, 22 May 94 21:09:01 PDT
Subject: Network Sniffer
I have a basic question - Can a sniffer trace packets on different subnets?
If so, can anybody shed some light as to which would be a better buy for
less $$ or any free-ware software that can do the same. Any help will be appreciated.
Thanks
Girish S Pradhan
(girish@scopus.com)
------------------------------
End of Firewalls Digest V3 #157
*******************************
To subscribe to Firewalls-Digest, send the command:
subscribe firewalls-digest
in the body of a message to "Majordomo@GreatCircle.COM". If you want
to subscribe something other than the account the mail is coming from,
such as a local redistribution list, then append that address to the
"subscribe" command; for example, to subscribe "local-firewalls":
subscribe firewalls-digest local-firewalls@your.domain.net
A non-digest (direct mail) version of this list is also available; to
subscribe to that instead, replace all instances of "firewalls-digest"
in the commands above with "firewalls".
Compressed back issues are available for anonymous FTP from
FTP.GreatCircle.COM, in pub/firewalls/digest/vNN.nMMM.Z (where "NN"
is the volume number, and "MMM" is the issue number).