>chris> 4. It would be real nice if users on our US office network could drive
>chris> straight through our gateway as if it weren't there.
> it's easy enough for someone to spoof your us office network and
> drive straight through your router as well. this *is* a good
> problem. does anyone have any good solutions?
I'd look into using some kind of tunnelling router or encrypting
router. If you can encrypt point-to-point between your remote offices,
for someone to spoof you, they'd have to inject packets into your crypto,
which would be A Trick. Does KarlBridge do encrypted tunnelling? The
MorningStar tunnelling driver, or my tunnelling driver + crypto, would
do the trick. UUNet Technologies has a box they call the LAN Guardian
that does point-to-point crypto at very high speeds, with the ability
to select network peers to do crypto over. You could implement exactly
what you want, using that. With a little creativity in routing, you
could easily implement the moral equivalent of encrypted tunnels,
without interfering with normal internet traffic.
>chris> To reach an internal machine
>chris> it would be necessary to login to the gateway and then
>chris> rlogin/telnet again from there.
> i haven't been able to decide what to do with this and hope to hear
> more response from the list. add users to the firewall, and you add
> too much noise to the logs for them to do any good, as well as
> adding to the vulnerability of the firewall. have all users go
> through a single account and you have a password distribution, and
> accountability problem.
I never recommend putting users on firewalls. It's not just a
security problem, it's an administrative hassle. For one thing, you
have to worry about them using up disk space, etc, etc, etc. I like
my firewalls to be something I set up, and more or less forget about
except for when the hardware breaks.
If you have to, a captive login program that does a chroot to
someplace and drops the user into a simple shell that lets them telnet
or rlogin to other machines will do 95% of what you want.
> unfortunately, there is always a tradeoff: the better the security,
> the more inconvenient the firewall. is a convenient, secure
> firewall desirable? attainable?
Convenient, secure firewalls are easily obtained. Granted,
there is always some byproduct of security that is visible, but I
think you can do a pretty good job if you think things through. I
like to think the DEC SEAL is a pretty good compromise between
security and user friendliness, with security taking precedence
where it has to.
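A captive login shell of the kind described in the reply above, as an added example that is not code from this thread or from any product named in it: it accepts only `telnet HOST [PORT]` or `rlogin HOST` against a constructed allowlist of internal hosts, executes the binary directly rather than through /bin/sh, and logs every accepted and rejected line. The jail path, host names and binary locations are assumptions; chroot needs root and a jail populated with the two binaries and their libraries.

```python
#!/usr/bin/env python3
"""Captive shell for a firewall gateway: the only thing a user can do is
telnet/rlogin onward to an allowlisted internal host (added example)."""
import os
import pwd
import shlex
import sys
import syslog

# Constructed allowlist of internal hosts a gateway user may hop to (assumption)
ALLOWED_HOSTS = {"inside-a.example.internal", "inside-b.example.internal"}
# Absolute paths inside the jail, so $PATH cannot substitute another binary
COMMANDS = {"telnet": "/usr/bin/telnet", "rlogin": "/usr/bin/rlogin"}
JAIL = "/var/captive"  # assumed chroot target holding the binaries and libs


def parse_command(line, allowed_hosts=ALLOWED_HOSTS):
    """Return an argv list for an allowed command, or None if rejected."""
    try:
        words = shlex.split(line, comments=True)  # never handed to a shell
    except ValueError:          # unbalanced quote
        return None
    if not words or words[0] not in COMMANDS:
        return None
    cmd, args = words[0], words[1:]
    # Only "telnet HOST [PORT]" and "rlogin HOST": no option flags at all
    if cmd == "telnet" and len(args) not in (1, 2):
        return None
    if cmd == "rlogin" and len(args) != 1:
        return None
    if args[0] not in allowed_hosts:          # also rejects "-x" style args
        return None
    if len(args) == 2 and not args[1].isdigit():
        return None
    return [COMMANDS[cmd]] + args


def captive_shell(user, jail=JAIL, stdin=sys.stdin):
    """Chroot, drop root, then loop: one onward connection per accepted line."""
    pw = pwd.getpwnam(user)      # look up before chroot; /etc/passwd is outside
    os.chroot(jail)
    os.chdir("/")
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)         # root is gone for good once inside the jail
    syslog.openlog("captive")
    for line in stdin:
        argv = parse_command(line)
        if argv is None:
            syslog.syslog(syslog.LOG_WARNING, f"{user} rejected {line.strip()!r}")
            print("only 'telnet HOST [PORT]' or 'rlogin HOST' to internal hosts")
            continue
        syslog.syslog(syslog.LOG_INFO, f"{user} -> {' '.join(argv)}")
        pid = os.fork()
        if pid == 0:
            os.execv(argv[0], argv)   # direct exec, no /bin/sh involved
            os._exit(1)               # exec failed; do not fall back into the loop
        os.waitpid(pid, 0)


if __name__ == "__main__":
    captive_shell(sys.argv[1] if len(sys.argv) > 1 else os.environ.get("USER", "nobody"))
```

Installed as the user's login shell in the gateway's passwd file, it gives the "login, then rlogin/telnet again" flow from the original question without exposing a general-purpose shell.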