>If you use this approach to treat dialins like "insiders," it doesn't
>do anything for the basic problem. Once your SLIP connection is
>processing "inside" packets, it could give attackers a bridge inside
>if there's a second modem on your home machine. The ultimate breach,
>of course, is to connect the second modem to your local Internet
>provider and serve as a router for packets between the 'Net and
>inside. This neatly bypasses any filtering routers, firewalls, or
>other things defending the site.
So use filtering on your end of the SLIP (or PPP or whatever; MorningStar's
PPP product has pretty good packet filtering, and I think it does SLIP too,
but I'm not sure) line to limit packets to those coming to/from the IP
address of the legitimate home machine (plus whatever further restrictions
you feel are appropriate).
-Brent
----------------------------------------------------------------------
For info about the Internet Security Firewalls Tutorial and a schedule
of upcoming dates, please send email to Tutorial-Info @
GreatCircle .
COM
----------------------------------------------------------------------
Brent Chapman Great Circle Associates
Brent @
GreatCircle .
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041
|
|
