unless you have a screening router (or proxy server, or firewall) at
your end, you have no security at all. just cause the direct route to
your network is hidden doesn't give you any security. if it made it
impossible for the internet to reach you, none of your internet requests
would ever get back to you.
no matter how you go, ISP or MCI/SPRINT/ATT, you still need to get some
type of protection on your end, under your control. after all, would you
want to bank your company on your internet provider?
-joav kohn
sr. technical consultant
it/workgroup communications
landis & staefa
> > Date: Mon, 02 Jun 97 11:37:15 PDT
> > From: Mariko Yashada <mariko @
grfn .
org>
> > To: Firewalls Mailing List <firewalls @
GreatCircle .
COM>
> > Subject: ISP Connection
> >
> >
> >
> > My company is currently getting Internet access through a local ISP,
> using
> > PPP connections. We are now considering replacing the dial-up
> connections
> > with a leased line to the ISP. We will leave our web server at the
> ISP and
> > will continue to use their e-mail server. There will be a router at
> the ISP
> > end of the line. The line will connect to our Enterprise Network
> through a
> > router at our end. We will also put a proxy server at our end to
> filter out
> > going access and do NAT.
> >
> > The ISP people say this type of connection is more secure than a
> direct
> > connection to the Internet through say MCI, becuase our router will
> be
> > "hidden" behind their routing system. The IP address of our router
> will not
> > be accessable from outside the ISP domain.
> >
> > We will not allow incomming connections such as telnet or ftp. We
> will
> > restrict access from inside the company to e-mail, http, ftp and
> probably
> > audio.
> >
> > My question is, how secure is this type of connection? How difficult
> is it
> > for someone outside the ISP domain to discover and access our
> connection?
> >
> > Thanks,
> >
> > Mariko
> >
Follow-Ups:
|
|
