In article <9504190422 . com> you write:
> If some ]<raker ]D00D successfully gets into
>my home machine, he's got a prompt on a machine behind my company's firewall.
Or, if some cracker figures out which number my home machine is calling,
he is now at a public dial-in point behind the firewall.
In my security model, there are two firewalls, with a lobby area in between.
Dial-in points - like public servers - go in the lobby area.
- access link -
LOCAL ACCESS ROUTER with packet filter
LOBBY AREA includes public access servers, pc DNS and mail router
In my environment, we don't feel that the benefits of a proxy gateway
on the inside firewall are worth the trouble; we can live with a packet
filtering router. Thus, it is no trouble to punch a hole in the inner
"firewall" for the work-at-home dial-ins. I would worry a lot about
putting the access point for those dial-ins inside the inner firewall.
/ Lars Poulsen Internet E-mail: lars @
Rockwell Network Systems Phone: +1-805-562-3158
7402 Hollister Avenue Telefax: +1-805-968-8256
Santa Barbara, CA 93105 Internets: designed and built while you wait
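
The placement argument in the message above, as an added example that is not part of the original post: a first-match model of the inner packet filter, comparing what a taken-over home machine reaches when its dial-in address sits in the lobby area versus inside the inner firewall. All addresses, the port, and the login host are constructed assumptions.

```python
import ipaddress

# Constructed addressing: assumptions for illustration, not from the message.
LOBBY = ipaddress.ip_network("192.0.2.0/24")         # lobby area between the firewalls
DIALIN_POOL = ipaddress.ip_network("192.0.2.64/28")  # work-at-home dial-in addresses
INSIDE = ipaddress.ip_network("10.0.0.0/8")          # behind the inner firewall
LOGIN_HOST = ipaddress.ip_network("10.1.1.10/32")    # hypothetical inside login server

# Inner packet filter, first match wins: (action, source, destination, port or None).
INNER_RULES = [
    ("permit", DIALIN_POOL, LOGIN_HOST, 23),  # the hole punched for the dial-ins
    ("deny", LOBBY, INSIDE, None),            # everything else from the lobby
]

def inner_filter(src, dst, dport):
    """Verdict of the inner router for one packet; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in INNER_RULES:
        if s in src_net and d in dst_net and port in (None, dport):
            return action
    return "deny"

def verdict(src, dst, dport):
    """Traffic between two inside hosts never crosses the inner router."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in INSIDE and d in INSIDE:
        return "unfiltered"
    return inner_filter(src, dst, dport)

# Constructed probes: what a taken-over home machine could reach.
TARGETS = [("10.1.1.10", 23), ("10.1.1.20", 2049), ("10.2.0.5", 25)]

def exposure(src):
    """Targets the source can reach (permitted by, or invisible to, the filter)."""
    return [t for t in TARGETS if verdict(src, *t) != "deny"]

if __name__ == "__main__":
    print("dial-in in lobby :", exposure("192.0.2.66"))
    print("dial-in inside   :", exposure("10.9.9.9"))
```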