Great Circle Associates Firewalls
(April 1995)
 


Subject: Dial-Up Access
From: Ricardo . Pereira @ inesc . pt (Ricardo Jorge Pereira)
Date: Wed, 26 Apr 1995 15:16:49 +0200 (MET DST)
To: firewalls @ GreatCircle . com


There has been much discussion in this list about dial-up access, and
I will probably refer to some subjects which have already been discussed. The
thing is that the problem I have must be addressed as a whole, and I'll give
a brief description:

    We are building a firewall system for a large company, which has
departmental Netware LANs spanned all over the country. The firewall service
would be installed in its headquarters. Two things that I have to live with:

     1. They will use Netware Connect. I'm not very familiar with this, but
        from what I know, NW Connect can route IP traffic, and if it can
        users will demand it. IPX will also be used.

     2. The access points (NW Connect servers) will be all over the country
        so that they can be administered locally, and to be able to offer
        local call charges. This is the reason I cannot put the dial-up
        accesses outside the firewall.

   What I am looking for now is a way to solve the following problems (I
 understand some points may be specific to the Novell product, but I consider
 this to be an important subject when we are talking of securing large
 corporation networks).

     1. What is the possibility to enforce NW Connect security from a central
        point, rather than trust system administrators at remote sites, which
        may not be that sensible to security issues?

     2. Would it be wise (or possible) to allow IPX traffic to the local LAN
        directly, but route any IP to the screened subnet we are installing
        at the headquarters? This would give a scenario of external users
        inside your network: a good use for IP over IP?

   I have not studied any of the proposed solutions yet, so there may be some
   flaws which would not allow some of them. If anyone had a similar problem,
   or just wants to give some ideas, a thread on this subject would be nice.

Thanks.

-- 
__________________________________________________________________
Ricardo Jorge Pereira
Network Consultant
Centro de Comunicacoes em Ambientes Empresariais
Av. Duque d'Avila 23, Apartado 10105, 1017 Lisboa Codex, Portugal
Telef  : +351 1 3100069
Fax    : +351 1 3100068
email  : ricardo . pereira @ inesc . pt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      Microsoft is not the answer, Microsoft is the question.
                         No is the answer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
