Firewalls: Rogue Internet connection

Firewalls
(September 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Rogue Internet connection
From:	Henry Lemon <LEMONH%A1%Aristech_Chemical_Corporation @ mcimail . com>
Date:	Thu, 14 Sep 95 15:20 EST
To:	firewalls <firewalls @ greatcircle . com>

         
---------------------------------- ATTACHMENT ----------------------------------
DATE: Thu Sep 14, 1995  4:21 pm
SUBJECT:Research WWW                                                            
     
     Until recently I was under the impression that our organization did 
     not have Internet access.  I recently discovered that one 
     department has established a home grown network link.  Forget about 
     security policies.  That won't happen until we crash and burn.  
     Please evaluate this scenario for me.  What are our risks?  If the 
     responses are appropriate for the list, please email directly.
     
          
          A PC was configured to serve modems to the local area
          network for dial-out service only, using software from
          Synergy Solutions called Modem Assist Plus. This software,
          which consists of both a client and server portion allows
          for transparent PC communications(COM) port redirection. It
          does this by capturing all data intended for the PC's COM
          port and bundling it into Netbios messages and sending them
          to the Server PC. This data is then unpacked and sent to one
          of the attached modems. The server in turn bundles any data
          it receives into Netbios messages and sends the data back to
          the client. This permits any PC based communication program
          to transparently access the modems on the Modem Server.
          Requests for modems are queued by the server and users are
          notified of the availability of a modem so that they can
          either wait in the queue or try to access a modem later. The
          client portion of the software is Windows based so that DOS
          conventional memory requirements are not a factor.
          
          Access to the internet is provided through CompuServe Inc.'s
          PPP/SLIP access using their WINSOCK.DLL. This WINSOCK is
          pre-configured to work properly with CompuServe's PPP/SLIP
          servers. All users access the same PPP/SLIP account.
          
          The modems and server are accessible from 6 A.M. to 6 P.M.
          Monday through Friday. The server and modems are on a timer
          that cuts the power at all other times. This was done to
          dissuade users from abusing the service.
          
          Currently the system will support four simultaneous
          connections.  We have purchased a 50 seat network license to
          use Netscape Navigator for accessing the World Wide Web,
          newsgroups, ftp sites, and email.
          
     
     	 TIA
     
     Henry Lemon			Opinions expressed are mine
     Aristech Chemical Corp.		and not those of my employer
     600 Grant St.
     Room 930
     Pittsburgh PA 15201
     LEMONH%A1%Aristech_Chemical_Corporation @
 mcimail .
 com

Indexed By Date	Previous:	Re: Secure version of Sendmail From: chk @ psa . pencom . com (Christian Kuhtz)
Indexed By Date	Next:	Re: Secure version of Sendmail From: Peter Jeremy <jeremyp @ gsms01 . alcatel . com . au>
Indexed By Thread	Previous:	I wish Java would go away... From: Scott Barman <scott @ Disclosure . COM>
Indexed By Thread	Next:	Re: Rogue Internet connection From: cjc @ novell . com