Great Circle Associates Firewalls
(October 1997)
 


Subject: Re: To Gauntlet or not to Gauntlet
From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Date: 10 Oct 97 9:33:31 EDT
To: "Messano Jim" <jim . messano @ lmco . com>
Cc: "'Firewalls Q?'" <firewalls @ GreatCircle . COM>

So you want to create a VPN for the employees to get
back in, and not the folks from the other company, yes?

(This is a VPN minus the encryption or tunneling, it looks
like, so there goes a fair portion of the security.)

However, the non-employees will have access (across
the net) to the employee machines that do have access
to the intranet?

So, if I'm one of these non-employees, and I decide
to access your intranet, then I will have to telnet
to one of the employee machines first?

(I say telnet, but it could be just about any protocol...
even me dropping a trojan file of some sort on
the fileshare of one of the employees' Win95 boxes.)

     Ryan

---------- Previous Message ----------
To: firewalls
cc: 
From: jim . messano @ lmco . com ("Messano, Jim") @ smtp
Date: 10/10/97 08:05:21 AM
Subject: To Gauntlet or not to Gauntlet

I have a customer who wants to set up a LAN for Company employees as well
as employees of other companies, all of whom will be working together on
a joint venture project. This LAN will be external to the Company
Intranet. However, the customer also wants Company employees to be able
to access the Company's Intranet. 

If I insert a Gauntlet between a LAN router and a router to the Company
Intranet, would I be able to enforce strong, two-factor authentication
(via an ACE server) and then establish a plug-gw so they could access
all of the same services as if the Company employees were directly
connected to the Company Intranet, without having to re-authenticate
themselves for each service? Basically, my customer wants to
authenticate once, then keep the "pipe" open for all intranet access.

I realize that this implementation, if valid, is alien to the purpose of
installing a Gauntlet. However, since I need to connect an external LAN
to the Company intranet and I need to differentiate between the good
guys and the bad guys, I thought to use the granular filtering of a
Gauntlet. 

The main purpose of the Gauntlet is to not allow non-Company employees
to access the Intranet. (Yeah, I know I used a double negative. My
apologies to any English majors who read this note.)

Any comments/suggestions would be welcome. 





