Questions:
Are there generally recommended way(s) in which to setup a
pool of modems for dialin (possibly dialback) capability whilst
remaining secure ?
Brief background:
SLIP/PPP are not involved, & the users have DOS pc's at home,
connecting into a SunOS 4.x box - this small network is soon to be
connected via a leased line to a larger main network - which
will supply the inet connection & will have the firewall
setup - our only concern here are is securing the modems at the
small site.
The following thoughts have occured to me - please comment/criticise
constructively.
1. Recently i have heard that dialback modems arent as secure as
once (?) thought. Does anyone have any experiences/war-stories/
hard facts on this ?
2. I have heard of a device that can attach to the phone network &
monitor the target phone number & log data (passwords ?) from it
for later re-use. Would Bellcore S/Key be strong enough to defeat this
in as much as, "so what if you see the password its only valid once".
3. Possibly using a low-end cisco with modem support, alternatively a
telebit netblazer, but i've heard there's problems with its *strange*
optimisation with the rules you supply it. Any preferences/why ?
4. Would it be a good idea to screen the modems off into another subnet
& monitor that net for dialin attempts ?
Thanks & Regards
Steve
Follow-Ups:
|
|
