We have two ICS systems (internal control system); one is located in our
vendor's location, one within our offices. The vendor wrote the software.
Both crunch the same data and are cross-checked multiple times per day
by us and an independent auditor to verify that no tampering has taken
place. Both systems receive data from the same 3 hosts via telnet. How
can we prevent the vendor or others from telnetting into the host, and
from there into our ICS? We have PIX and Gauntlet available to us. As the
application is custom, no proxy will be available. Can a telnet session
from the host be distinguished from a telnet session originating
elsewhere and coming through a trusted host?