Firewalls: Re: Reuters 3000 & Firewall-1

Firewalls
(October 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Reuters 3000 & Firewall-1
From:	Christian ALT <calt @ tla . ch>
Date:	Thu, 31 Oct 1996 22:03:26 +0100
To:	Bruno Raoult <br @ ota . societe-generale . fr>, firewalls @ GreatCircle . COM
References:	<Pine . LNX . 3 . 91 . 961031090152 . 25450B-100000 @ styx1 . ota . societe-generale . fr>
Reply-to:	calt @ tla . ch

Bruno Raoult wrote:
> 
> Hi,
> 
> Someone talked in this mailing list about the port problem between
> Reuters-3000 services and Firewall-1 services (#156 & 157).

Services 256 to 260

> 
> Unhapilly I lost the report, and I'd like to ask some questions,
> as:
>         - Is there a security problem with this configuration?
Yes the Reuters-3000 session server is placed in your LAN and has 
direct connection to Reuters. This allows Reuters's people to have an
access to your network. The Reuter's documentation encourages you to
insert a firewall between the session server and your LAN, and so do I.

>         - Reuters-3000 uses Full IP from customer site to Reuters
>           servers. Reuters does not want to give me details about
>           their internal security. Does someone knows something about it?
Yes I do know.

>         - Reuters uses a Real-time Unix (QNX) as session server (=gateway).
>           Does someone knows about the security of this machine?
>         - The QNX IP stack has been re-written for Reuters. Any
>           information?
It is a unix system. They should be worried that you cannot agress their
system.

>         - Reuters needs the customer to use RIP protocol. I think it
>           may be quite dangerous, as Reuters may get information about
>           our real network
You do not need RIP. They will broadcast their router on your network.
You can use static routing, and block their rip service.

>         - Reuters "RBR" service needs to share NT disks from Reuters
>           side to customer side. I think this implies the use of "considered
>           dangerous" services as 137/138/139. Is there a risk there?
I do not have experience with that service

> 
> Thank you for your help.
> 
> PS. Similar problems occur with Bloomberg service. Does someone uses it?
Yes we went also through the security of the Bloomberg service. The
situation can easely be secured, with a router or a firewall



> 
>                  \|||/
>                  (. .)
> +-------------ooO-(_)-Ooo------------------------------------------------+
> | Bruno RAOULT - Chess, tonight?                                         |
> |                                                                        |
> |  Tel.   (33-1) 42.13.45.19         Fax:    (33-1) 42.13.69.66          |
> |  Kobby. (33-1) 51.01.20.71         e-mail: br @
 ota .
 societe-generale .
 fr  |
> +------------------------------------------------------------------------+
>                  || ||
>                 ooO Ooo

-- 
Christian ALT				E-mail: calt @
 tla .
 ch
Telecom and Logistics Associates	phone & fax : +41 22 328 14 88
10, Rue des Savoises, CH-1205 Geneva    http://www.tla.ch

References:

Re: Reuters 3000 & Firewall-1
From: Bruno Raoult <br @ ota . societe-generale . fr>

Indexed By Date	Previous:	Can fibre-optic be tapped??? From: Michael Dillon <michael @ memra . com>
Indexed By Date	Next:	Re: Reuters 3000 & Firewall-1 From: Christian ALT <calt @ tla . ch>
Indexed By Thread	Previous:	Re: Reuters 3000 & Firewall-1 From: Christian ALT <calt @ tla . ch>
Indexed By Thread	Next:	NAT support in routers (Cisco/3Com) From: Rafael Portillo <rafa @ techwebasia . com>