PMC e-mail id: 4377
(Well, I am having a tough time since the summary lines at the
beginning of firewall-digest disappeared, so I might miss responses to
my own posting. Here it goes anyway.)
> What are you thoughts and comments? Do you have any concerns with
> products like this? How do you or your company handle these products?
We allow web access from PCs in our DMZ only.
Our attitude is that anything on these PCs are suspect and
we take it for granted that these PCs may be prey to trojan horses or
virus, etc..
When someone asked me about this PCN software goodie,
I allowed the use with the above background in mind.
We don't even allow access to our gateway machines from these PCs.
Essentially, these PCs are island in the DMZ.
It certainly is a big surprise when I saw PCN program suggest that there
is a new upgrade and asked me if I be interested in upgrading it.
I answered yes and it fetched whatever data/program from somewhere
and installed it.
I know it can install sniffer, etc., but I assume that
my set up is such that it will not obtain much.
However, I am not so sure if the risks involved in PCN-like programs
are well understood by the rest of the company especially the
marketing and clerical people who just think of web as a good thing.
Anyway, we do NOT pass web traffic to our internal LAN.
Installing some spare PCs in DMZ for web surfing was the result of
the decision not to allow web traffic withitn the internal LAN.
--
Chiaki Ishikawa ishikawa @
personal-media .
co .
jp
Personal Media Corp.
Shinagawa, Tokyo, Japan 142
|
|
