At 07:51 AM 4/24/97 -0400, PAUL .
> I have recently been hit with requests for Telnet access from public
> hosts to the private side of our network (through the firewall). What
> is the current strategy in regards to this?
> One possibility I see is to break the process at the firewall and
> setup Telnet enabled accounts there. Have the user Telnet into the
> firewall, and then from the firewall to our internal hosts. This
> method seems "unclean" to me...Not to mention the overhead on the side
> of the users to have to FTP their data to the firewall and then from
> the firewall to the internal host...?? Thanks in advance for any
Yikes. Yes, it is "unclean" in various senses. Any user account on the
firewall is an opening for attack. I don't know much about the IBM
firewall, but many commercial firewalls -- including ours -- utilize proxy
software to allow controlled access through the firewall for TELNET or FTP
and require strong user authentication (not passwords) to get in.