Actually, this is secure, but it is not any less secure than MCI for
instance. At a customer site, we have a connection to MCI and it is
advertised as a class C address from MCI as part of the MCI.COM domain.
The only difference we noticed when we researched this type of service
was performance. With MCI we get full T-1 to the MCI Internet POP,
whereas you may only get full T-1 to the ISP and then compete with
everyone else for part of the bandwidth to the internet.
On Mon, 2 Jun 1997, Mariko Yashada wrote:
> Date: Mon, 02 Jun 97 11:37:15 PDT
> From: Mariko Yashada <mariko @
grfn .
org>
> To: Firewalls Mailing List <firewalls @
GreatCircle .
COM>
> Subject: ISP Connection
>
>
>
> My company is currently getting Internet access through a local ISP, using
> PPP connections. We are now considering replacing the dial-up connections
> with a leased line to the ISP. We will leave our web server at the ISP and
> will continue to use their e-mail server. There will be a router at the ISP
> end of the line. The line will connect to our Enterprise Network through a
> router at our end. We will also put a proxy server at our end to filter out
> going access and do NAT.
>
> The ISP people say this type of connection is more secure than a direct
> connection to the Internet through say MCI, becuase our router will be
> "hidden" behind their routing system. The IP address of our router will not
> be accessable from outside the ISP domain.
>
> We will not allow incomming connections such as telnet or ftp. We will
> restrict access from inside the company to e-mail, http, ftp and probably
> audio.
>
> My question is, how secure is this type of connection? How difficult is it
> for someone outside the ISP domain to discover and access our connection?
>
> Thanks,
>
> Mariko
>
Scott Lupfer
Network/Systems Engineer
SSDS, Inc
E-mail: svl @
ssds .
com
21NET Phone: (719) 554-9833
Voice Mail: (719) 630-0100 x206
Pager: 1-800-931-5919
A radioactive cat has eighteen half-lives!
References:
|
|
