I spoke to Brent about this at the computer literacy Firewalls lecture
last week (thanks for the input, Brent!) but I wanted to throw this out

We are currently using a firewall configuration that consists of the
TCP wrapper and SOCKS, and we have done all of the right things with
regard to packet forwarding, disabling of unnecessary services, etc.

On occasion, engineers and customer support folk from our site go out
into the big bad world, and want to get back into the network via the
Internet connection. There are some obvious advantages to this - cost,
convenience and speed being the most significant. This activity is
usually done from a customer site that is connected to the Internet.

Brent's suggestion was to go ahead and allow this (i.e. enable the specific
IP address from the Internet to get through the wrapper to telnetd), using
a one-time password, smart card or challenge-response system to protect the
family jewels. This seems like a good first step, but after sitting around
drinking beer and eating pizza with the other security paranoids in the
sysadm group here, we saw a second potential problem.

Since these people are at customer sites, there is a real potential for
local eavesdropping. While the one-time-password scheme protects the
firewall from intrusion, it doesn't protect all of the internal
machines that the user might log into once he is on the gateway, and
those passwords will still be sent in the clear. The Internet gateway
isn't the only way in, and there is a possibility that the passwords
used on internal machines might also be used on modem servers and the

It seems like the only safe way to do this is to actually give the
remote user an encrypted telnet capability so that even the clear
passwords aren't sniffable at the remote site. Given this, I have

1) Am I *too* paranoid about all of this? Are we going too far?

2) If not, what are the restrictions for running encrypted telnet
in other countries? Should we be concerned about this?

Paul Daw, Pyramid Technology Corporation
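A worked illustration of the two points in the message above (a one-time password stops a sniffed gateway login from being replayed, but a static password on the next hop does not), added here as an example and not part of Paul's post or of any product he names. It uses a Lamport-style hash chain, which is the idea behind schemes like S/Key but simplified (SHA-256, no word encoding); the seed, user name and "constructed-static-pw" value are constructed sample data.

```python
import hashlib

CHAIN_LENGTH = 100  # number of one-time passwords the chain can yield


def h(data: bytes) -> bytes:
    """One step of the chain: a single SHA-256 application."""
    return hashlib.sha256(data).digest()


def chain(seed: bytes, n: int) -> bytes:
    """Return h applied n times to the seed (h^n(seed))."""
    x = seed
    for _ in range(n):
        x = h(x)
    return x


class OtpGateway:
    """Gateway side of the one-time-password scheme.

    Only the current top of the chain and a counter are stored, so a copy of
    the gateway's state (or of a sniffed password) does not reveal the next
    valid password.
    """

    def __init__(self, seed: bytes, n: int = CHAIN_LENGTH) -> None:
        self.counter = n
        self.stored = chain(seed, n)  # h^n(seed), enrolled once

    def verify(self, candidate: bytes) -> bool:
        if self.counter <= 1:
            return False  # chain exhausted; user must re-enrol
        if h(candidate) == self.stored:
            # Accept, then move the stored value down the chain so the
            # same password can never be accepted again.
            self.stored = candidate
            self.counter -= 1
            return True
        return False


class OtpClient:
    """Traveller's side: computes h^(n-1)(seed), then h^(n-2)(seed), ..."""

    def __init__(self, seed: bytes, n: int = CHAIN_LENGTH) -> None:
        self.seed = seed
        self.next_index = n - 1

    def next_password(self) -> bytes:
        pw = chain(self.seed, self.next_index)
        self.next_index -= 1
        return pw


def gateway_demo() -> tuple:
    """Returns (first login ok, replay of sniffed OTP ok, next login ok)."""
    seed = b"constructed-demo-seed"  # constructed; would be a user secret
    client = OtpClient(seed)
    gateway = OtpGateway(seed)
    pw1 = client.next_password()
    first = gateway.verify(pw1)
    replayed = gateway.verify(pw1)  # eavesdropper replays what was sniffed
    second = gateway.verify(client.next_password())
    return first, replayed, second


# Internal machine behind the gateway: plain static password, as in the
# second hop of a cleartext telnet session. Constructed sample entry.
INTERNAL_HOST_PASSWORDS = {"engineer": "constructed-static-pw"}


def internal_login(user: str, password: str) -> bool:
    return INTERNAL_HOST_PASSWORDS.get(user) == password


def second_hop_demo() -> tuple:
    """A static password seen once on the wire works every time after."""
    captured = "constructed-static-pw"  # what a sniffer on the customer LAN sees
    return internal_login("engineer", captured), internal_login("engineer", captured)


if __name__ == "__main__":
    print("gateway (login, replay, next):", gateway_demo())
    print("internal host (login, replay):", second_hop_demo())
```

The gateway result shows the replay attempt failing while fresh passwords keep working; the second function shows the static internal password succeeding on replay, which is exactly the hop that only an encrypted session (or one-time passwords on every internal host) closes.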