On Fri, 27 Feb 1998 klinec @
> This is a little off-topic, but I thought I would try it anyway.
> We provide Internet access to 300 users enterprise-wide through
> our frame-relay WAN connections and our firewall at our corporate
> headquarters. Some users have decided to go out and get accounts
> with local ISPs and have dial-up connections in Windows95 or
> Windows NT to these ISPs. How much of a security risk does
> everyone think this may be? Since these users are typically
> dynamically assigned an IP address when they log in to their ISP,
> they then have TWO IP addresses on their system. One for the
> network card and one for the dial-up PPP connection. Could an
> attacker use this situation to attack our network? How likely
> is this?
> We are trying to eradicate this from our network, but some of
> these users are pretty stubborn.
I don't understand what they have to be stubborn about. Why do
they need internet access TWO ways? It gives two ways in, and
even if an attack isn't found it soon will be 8^). Also, all
of those dial-up analog lines (assuming interior of company's
phone lines are digital) are costing your company $$. Me and a
friend were discussing this, and we believe we could access the
files on the PC. Sounds to me like you just made your firewall
pointless and useless. I know companies that have had firewalls
that were never breached, but the modem bank for home access
to employees caused numerous break-ins.
Yank their phone lines...
The Hobbit (NOT the netcat one)