Got a "touchy" question for you. There are several highly technical
people that are in the engineering/software development group(s) at
my wonderful place of employment. Most of them are running Windows NT
workstation and being the techies that they are refuse to allow the MIS
group to be administrators of their machines. It's not altogether
unreasonable since I don't want to be bothered every time they need to
install some new whiz-bang development tool, etc. and they're generally
smart enough to fix what they break on their machines.
However, they also have modems in their machines and use them to RAS in from
home. There is a company-wide RAS dial-in system that is (soon to be
actually) SecureID'd that gives the exact same access.
Is it worth the extremely heated argument to force them not to set up their
modems for dial-in?
And if so, does anyone have some REALLY strong technical arguments what
the security risks are even when the modems are set to dial back their home?
Sure, dial back can be tricked (I'm told)(or even better break into their
home) and sure someone could then guess the password on their machine (or
tap the phone line) but all this is an extremely(?) technical attack versus
stealing a secureID card and guessing a password/PIN thingy.
Is it worth the argument or should I just require them to use dial back
when connecting from home and use the secureID/Corp RAS when on the
Rational Responses only please. (Ok funny ones too.)
----- Ed Maillet