Hello, don't you love netcom?
I'm considering implementing something on our firewalls. Obviously, this is
not a new idea, and I would be surprised if it weren't already implemented at
many sites. Regardless, I'd like to discuss the pros and cons.
Imagine, if you will, a firewalled network. Out in the big bad world, bad
people sniff and "hijack" connections to and from the firewall. However,
there exists connections to the firewall which are needed, because the people
on site at the firewall are lame and can't admin it. Plus we can charge them
money to admin, etc... So, we develop a deslogin into the firewall. This
allows us to do remote admin, so long as the des encryption implementation
is done correctly.
Another reason I like this, as opposed to skey, is that it allows a person
to telnet to the firewall, then telnet around within the internal network with
little fear that their paswords are vulnerable.
Obviously, the other ways to do offsite firewall management are skey, or
out of band management (modems, etc..) Both of those are inconvenient, and if
this plan is as effective and secure, I would rather do that.