Great Circle Associates Firewalls
(April 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Telnet (through Firewall)
From: Matt Wallace <mwallace @ netcom . com>
Date: Thu, 24 Apr 1997 14:24:00 -0700 (PDT)
To: PAUL . SMITH @ arpstl-emh2 . army . mil
Cc: " - (052)Firewalls(a)GreatCircle.COM" <Firewalls @ GreatCircle . COM>
In-reply-to: <0008200001247052000002* @ MHS> 
Any sort of Telnet can be compromised too easily.
Strategy: Don't do it.

If you -must- allow telnet, authenticate with one time authentication,
but assume any data the person accesses on the inside can be accessed by
anyone. (Telnet is all plaintext)

Better strategy: invest in SSH or some type of VPN product. Try VPNet
(www.vpnet.com) for a product that does site-to-site hardware VPN,
as well as taking client machien (win95) VPN connections, all using dynamic
key exchange to maintain security.

-Matt

On Thu, 24 Apr 1997 PAUL .
 SMITH @
 arpstl-emh2 .
 army .
 mil wrote:

[snip]
>      And now my question:
> 
>      I have recently been hit with requests for Telnet access from public
>      hosts to the private side of our network (through the firewall).  What
>      is the current strategy in regards to this?
References:
Indexed By Date Previous: RE: Firewall Comparative Thoughts
From: Matt Wallace <mwallace @ netcom . com>
Next: Re: Firewalls-Digest V6 #171
From: Frank Willoughby <frankw @ in . net>
Indexed By Thread Previous: Re: Telnet (through Firewall)
From: John McLaughlin <John . McLaughlin @ Acucobol . IE>
Next: CR: LCN 97, The 22nd IEEE Conference on Computer Networks
From: Gary Kessler <kumquat @ hill . com>
Google
 
Search Internet Search www.greatcircle.com