Your two choices are to put the hosts they do get
access to into a DMZ, or to increase security on all
the other hosts in your network. In your net, option
2 probably isn't practical.
---------- Previous Message ----------
From: khanhi @ emirates.com (Hidayatullah Khan) @ smtp
Date: 06/08/97 11:30:23 AM
Subject: Restrict Springboarding
Ours is a large organization with a class B addressing. We have a
firewall in place to allow outgoing web and mail services. Often we
have vendors coming in to our systems to support thier applications. Our
firewall is configured to allow the vendors to telnet to specific hosts.
On a couple of occasions I have noticed a vendor's presence on a
different host for which he was not intended to. My question is how can
we restrict a vendor from "springboarding" (i.e telnetting to other
machines on our network) from the actual specific host.
Thanks in Adv,