Hehe... this is a massive concern lately, I think, to corporate network
security people everyhwere.
Answer: Don't allow anybody in the corporation to be on the Internet
and the Intranet at the same time. I doubt any other security policy
would have even the slightest chance of success. Of course, people
STILL connect to the Internet while on the local network, SMB is almost
always activated, and nobody ever knows.... except small ill dogs.
Sick Puppy wrote:
> Those of use who have been sniffing around and peeing on marsupials
> found that as a new generation of PBX's is installed in many
> corporations, there is a new clash in the corporate culture. The new
> clash is opening up new opportunities for all of us to share their
> corporate resources. This is especially true for any intrepid
> who already have their own access to telco switches that provide ISDN.
> PBX managers are proudly trotting out their new desktop ISDN access.
> are competing directly with the folks who provide the LAN and WAN.
> Internet? We can give you your own fast ISDN. Slow firewalls? ISDN
> doesn't have a firewall, just gives you fast access all of the time.
> The ISDN through the PBX to the networked PC in the corporation is a
> kind of gateway to provide us with free access to corporate resources.
> Especially if its a Windows 95 PC or NT workstation with out of the
> security. So far every 95 or NT machine installed out of the box that
> was able to look at had all its security turned off.
> Now I am not suggesting anybody should use these new gateways to
> LAN's because the corporations might get pissed off. Bear in mind
> though, that these new gateways DO NOT give you any warning about a
> proprietary network or any other kind of warning. A good lawyer can
> with this. CATEGORIC DENIAL - I myself have never used such a
> However, if you do make your own shares on such a machine, make it an
> invisible share so that the folks in the corporate network don't see
> If you get caught it always makes send to lie. Make them prove every
> damn thing. A lot of the time the only real information they have is
> information YOU give them. Bruce Sterling's book "The Hacker
> makes this point very well.
> Sorry about such a long social disertation just to get to my question.
> How the hell do you firewall something like this?
> Sick Puppy, the Cat_Eating_Dawg