On Sun, 22 Oct 1995, Jason Kwok wrote:
> The above question may be very obvious to most of you, but I just can't
> take the risk to assume my thought is true.
> I am going to allow each host on a Novell network (running IPX) to
> access the Internet though a Internet Server. All host on the network
> are PCs and will run Netscape, Eudora and a TCP/IP suite. There are also
> some connection from the network to AS400 as well as Mainframe. Of
> course, both the AS400 and the Mainframe are not running TCP/IP.
I understand that your AS400 and the Mainframe are not running TCP/IP but
what I don't understand is your lead-in "Of course,...."
Also, as an aside, it would be a lot easier to quote your message in
replies if the lines were less than 80 characters between linefeeds.
> My thinking is that since there are only clients running on the PC, and
> the AS400 or Mainframe can't talk TCP/IP, the hacker is unable to crack
> the PC, and cannot reach the AS400 and Mainframe. Therefore, we don't
> need firewall to protect our internal network.
> Does my thinking correct ? Please help to point it out if I'm wrong.
> Jason Kwok
I can't determine if your thinking is correct or not, it depends on some
information not provided by your message. Since you mention that all the
PC's will have TCP/IP suites what is the purpose/function of the "Internet
Server"? What hardware/software is used for this server?
Can the PC's that will have
access to the Internet also have access to your AS400 and/or your Mainframe?
If yes, can the access of the PC's to your non-TCP/IP machines and the
Internet be concurrent (at the same time)? Do any of the PC's have modems
on them and/or access to a modem pool? Do you run any X-Window emulation
software on any of your PC's? How certain are you that "only clients" are
running on the PC's? Some Internet access suites have the ability for
the PC user to allow use of their PC as an FTP server. This could
be very dangerous especially if the PC user doesn't set things up
correctly. Aside from the risk of allowing a hacker into your network
this could lead to someone stealing some or all of your liscensed PC
software and pirating it with your serial numbers, etc. included.
What OS is running on the PC's, i.e. Dos/Windows, OS/2 (half an Operating
System), Windows95, Windows NT? What CPU hardware is used in the PC's?,
i.e. 386, 486, Pentium, etc.. What policies and procedures are in place
for virus detection? Can (or do) people have the ability to connect their
personal laptop PC's to the PC network? Do you have any "asset management"
software in place that continuously monitors the hardware and software
configurations of the PC's? Do you have a security policy? If no, I
suggest one be established, if yes, does the idea of no Internet firewall
support and comply with the security policy?
**** cjolley @
net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****