> What are the worst forms of abuse that can happen via SLIP run "past" (or
> around) the firewall? Can I somehow remove from the home machines the
> capability of further extending the network in uncontrolled fashion? And
> will enforcing modem callback substantially reduce the risk?
The biggest problem with this, IMHO, is that you're opening up the possibility
for someone to circumvent your firewall by doing something to one of your user's
home machine - which would be possible of they have connectivity beyond your
For example, my home machine is a Sun, so it'd be very easy for me to allow
dialup access to my system. One of my modems is connected to work, and I'm
therefore behind the firewall. If some ]<raker ]D00D successfully gets into
my home machine, he's got a prompt on a machine behind my company's firewall.
Uh oh. With more and more people getting real operating systems on their home
machines (more folks getting workstation type boxes at home, or getting Unix,
especially free Unix ala Linux, 386BSD, etc), this is becoming more of a threat
than it once was.
In the office, it's fairly easy to come up with rules that people have to
stick to, like "no modems that answer incoming calls allowed," but how do you
deal with these threats when they're coming from an employee's home machine?
Does my employer have the right to tell me that my personal hardware can't be
connected to anything but company networks? Maybe they say I can't be on their
network at the same time that I'm on another machine, but what if someone hacks
me while I'm not connected, and puts in a time bomb that hacks the net from
inside once I connect? This gets tricky, I think.
I've been able to think of other problems (like having a modem pool that could
be hacked) with this scenario, but I'm able to also think of quick solutions
to minimize those threats (such as one-time passwords to not allow dial-in
scripts, password guessing, etc.)
C Matthew Curtin
AT&T Bell Labs - Internet Gateway Group cmcurtin @