Great Circle Associates Firewalls
(August 1994)
 


Subject: call back facility
From: "J.H. vd Burg" <jhvdburg @ knmi . nl>
Date: Fri, 19 Aug 1994 10:26:29 +0000 (WET)
To: Firewalls @ greatcircle . com

To accommodate remote support of our systems by trusted people I am
considering the following facility:

Trusted person calls in and
gets connected to a datacom package that expects
a pgp signed request to be called back
session will be aborted
the request is validated and mailed to sysop (at another system)
the trusted person is called and
again sends a (different) request, pgp signed obviously
this second message is also mailed to sysop and
the trusted person is now allowed to work on the system
for a "reasonable" amount of time

From there on the trusted person is allowed to do anything that she/he would
be allowed to do at the workplace within the building.

Are there any flaws in this design (besides trusting people)?
Any suggestions, comments, ..... ?


Jan-Hein van der Burg
afdeling Systeembeheer-CWD, KNMI
e-mail: jhb @ knmi . nl; tel: +31.30.206550
pgp 2.6 public key available
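
The call-back sequence described in the message above, sketched as an added example (not part of the original post or of any product it mentions). HMAC-SHA256 stands in for the PGP signature so that it runs with the standard library alone; the user table, the callback number kept on file and the one-hour session limit are assumptions.

```python
import hashlib
import hmac

# Constructed sample data; every name and value here is hypothetical.
# "key" stands in for the trusted person's PGP key, "callback" is the number on file.
USERS = {"alice": {"key": b"constructed-demo-key", "callback": "+00 000 0001"}}
SESSION_SECONDS = 3600  # assumed value for the "reasonable" amount of time


def sign(key, body):
    """Stand-in for a PGP signature: HMAC-SHA256 over the request body."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class CallbackGate:
    def __init__(self, users):
        self.users = users
        self.pending = {}     # user -> digest of the first (call-in) request
        self.sysop_mail = []  # copies "mailed to sysop (at another system)"

    def _valid(self, user, body, sig):
        rec = self.users.get(user)
        return rec is not None and hmac.compare_digest(sign(rec["key"], body), sig)

    def dial_in(self, user, body, sig):
        """Call-in: validate the signed request, log it, hang up, return the number to dial."""
        if not self._valid(user, body, sig):
            return None                       # session aborted, nobody is called back
        self.sysop_mail.append((user, "request-1", body))
        self.pending[user] = hashlib.sha256(body).digest()
        return self.users[user]["callback"]   # assumption: number on file, not caller-supplied

    def after_callback(self, user, body, sig, now):
        """Call-back: a second, different signed request opens a time-limited session."""
        first = self.pending.pop(user, None)  # one attempt per call-back
        if first is None or not self._valid(user, body, sig):
            return None
        if hashlib.sha256(body).digest() == first:
            return None                       # the second request must differ from the first
        self.sysop_mail.append((user, "request-2", body))
        return now + SESSION_SECONDS          # time at which the session must end
```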

