Great Circle Associates Firewalls
(January 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: RE: Secure Telneting into a internal network
From: "Derrick 'Red 5' Cole" <derrick . cole @ ssds . com>
Date: Thu, 30 Jan 1997 09:23:06 -0500 (EST)
To: "Allen D. Harpham" <aharpham @ cnweb . com>
Cc: Firewalls @ greatcircle . com
In-reply-to: <Pine . LNX . 3 . 94 . 970129221849 . 11124A-100000 @ nebland . cnweb . com>
Reply-to: derrick . cole @ ssds . com 
There are at least two commercial offerings that provide the roaming user
an encrypted session back to the associated Internet firewall.  These
client "shims" are installed on the PC itself.  At least in one case, the
shim supposedly "knows" to encrypt session to the firewall while leaving
other sessions cleartext. 

You could also look at installing SSH on the firewall and obtaining a SSH
client.

Aside: Can/Will anyone comment on the... viability of SSH on a firewall?
Any gross/overt problems, other than "it's another exception, hence
another vulnerability"?

Thanks!
Derrick

On Wed, 29 Jan 1997, Allen D. Harpham wrote:

> Date: Wed, 29 Jan 1997 22:24:25 -0600 (CST)
> From: "Allen D. Harpham" <aharpham @
 cnweb .
 com>
> To: Firewalls @
 greatcircle .
 com
> Subject: RE: Secure Telneting into a internal network
> 
> Hi All,
> 
> Whats a safe way to allow people to telnet into a network past a firewall
> from the Internet?
> 
> I have a client that if possible, needs to allow employees to dial up a
> local ISP and telnet net into their internal network over the Internet.
> 
> We have a packet filtering router setup now, and have proposed adding a
> proxy server in addition to the packet filter.
> 
> I have warned them that allowing any telnet sessions in would be a big
> hole in the firewall, but they would like to pursue this further.
> 
> Any suggestions?
> 
> TIA, Allen 
> 
> ____________________________________________________________________________
> Allen D. Harpham, President   |     Voice:   (402)462-4619
> Computer Consultants of       |     Fax:     (402)462-4670
> Hastings, Inc.                |     E-mail:  aharpham @
 cnweb .
 com
> 1126 N. Briggs Ave.           |     HTTP:    http://www.cnweb.com
> Hastings, NE 68901-3713       | ____________________________________________
>                               | Custom programming, Network 
>                               | Design and Installation, 
>                               | Telecommunications Consulting,
>                               | Web Hosting Services
> ____________________________________________________________________________
> 

--
                             /             Derrick Cole (derrick .
 cole @
 ssds .
 com)
      ____/    ____/   ___  /    ____/    Suite 1000, Two Hannover Square
   ____  /  ____  /   /__/ /  ____  /    Raleigh, NC 27601-1764
 _______/ _______/ _______/ _______/    (919) 856-1441 Fax (919) 856-1455
 business-driven technology solutions             January 31st, 1997
Follow-Ups:
References:
Indexed By Date Previous: RE: Comparative Reviews
From: "Alberto de_la_Torre" <adelator @ tcgpo . com>
Next: RE: Comparative Reviews
From: Frederick M Avolio <avolio @ tis . com>
Indexed By Thread Previous: RE: Secure Telneting into a internal network
From: "Allen D. Harpham" <aharpham @ cnweb . com>
Next: RE: Secure Telneting into a internal network
From: "Allen D. Harpham" <aharpham @ cnweb . com>
Google
 
Search Internet Search www.greatcircle.com