> I am looking for someone to relate their experience with the issue of
> providing private internet connections between institutions or organizations.
> I suspect, though I have no example of it, that there are many instances
> where organizations establish private internet connections between themselves
> to support commerce-related traffic because they don't want to send sensitive
> data through public networks.
>
> For these private connections, what are the typical security policies, and
> what kinds of firewall configurations are used to implement these security
> policies?
>
The answer is (drum roll, please): There is no pat answer.

Private corporate networks, which may interconnect various agencies,
departments or subsidiaries, have the same inconsistent requirements
as various entities connected to the Internet. That is, some may opt
for full scale, perimeter networks with bastion-host gateways to
handle proxy services; others may simply rely on route filtering or
extended access lists for TCP port services.

Many organizations have no earthly idea what another subsidiary may
harbour within the perimeter of their networks. Perhaps a back-door
to the Big, Bad Internet (tm)?

The one additional issue that may be pertinent is that while Internet
connectivity is IP-only, most corporate networks are rarely IP-only.
Many may rely on extensive SAP (Service Advertisement Protocol) filtering
if their primary application traffic is Novell NetWare. Many may use
service filtering for other types of traffic, such as AppleTalk, DECnet,
NetBIOS, IBM LSAP/DSAP, DEC LAT, XNS, whatever. It's a real eye-opener.

No two networks are the same, public or private.

- paul
_______________________________________________________________________________
Paul Ferguson
US Sprint tel: 703.689.6828
Managed Network Engineering internet: paul @ hawk . sprintmrn . com
Reston, Virginia USA http://www.sprintmrn.com