Great Circle Associates Firewalls
(April 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Telnet (through Firewall)
From: Frederick M Avolio <avolio @ tis . com>
Date: Thu, 24 Apr 1997 15:29:22 -0400
To: PAUL . SMITH @ arpstl-emh2 . army . mil, " - (052)Firewalls(a)GreatCircle.COM" <Firewalls @ greatcircle . com>
In-reply-to: <0008200001247052000002* @ MHS> 
At 07:51 AM 4/24/97 -0400, PAUL .
 SMITH @
 arpstl-emh2 .
 army .
 mil wrote:
>     I have recently been hit with requests for Telnet access from public
>     hosts to the private side of our network (through the firewall).  What
>     is the current strategy in regards to this?
>
>     One possibility I see is to break the process at the firewall and
>     setup Telnet enabled accounts there.  Have the user Telnet into the
>     firewall, and then from the firewall to our internal hosts.  This
>     method seems "unclean" to me...Not to mention the overhead on the side
>     of the users to have to FTP their data to the firewall and then from
>     the firewall to the internal host...??  Thanks in advance for any
>     suggestions...

Yikes. Yes, it is "unclean" in various senses.  Any user account on the
firewall is an opening for attack.  I don't know much about the IBM
firewall, but many commercial firewalls -- including ours -- utilize proxy
software to allow controlled access through the firewall for TELNET or FTP
and require strong user authentication (not passwords) to get in.

Fred
Follow-Ups:
References:
Indexed By Date Previous: domain names for free,,?
From: "*-=[ obelicks ]=-*" <saliman @ sunsite . upm . edu . my>
Next: Re: Opinion: Unix vs NT
From: "Jonathan M. Bresler" <jmb @ FRB . GOV>
Indexed By Thread Previous: Telnet (through Firewall)
From: PAUL . SMITH @ arpstl-emh2 . army . mil
Next: Re: Telnet (through Firewall)
From: vadillo @ apu . rcp . net . pe (Enrique Vadillo)
Google
 
Search Internet Search www.greatcircle.com