
Is there a way to disable a lan connection when dialing out w/a modem?


mulo (MIS), Sep 9, 1999, US
Is there a way (software or hardware) to disconnect or cut off a user's LAN connection if they use their modem to dial out to an ISP? We have a very secure LAN setup, but our only failing point is that several users w/in the LAN have modems on their PCs which they use legitimately for product testing. I cannot isolate these PCs off the LAN, due to other applications and databases that the users need, but every time they dial out, they are completely bypassing every firewall, router and other security measures we have set up. I cannot rely on, nor do I trust, the end user to be security minded when they log on to their ISPs. Is there any measure that I can take to protect our network while not interfering with the legitimate use of the modems?
 
I am assuming you are using Windows of some sort for your clients. You can copy the hardware profile, edit it, and label it for users to select on restarting or booting up.
 
Big problem.

Anyone using a sniffer can detect stray packets from your network via the modem links. Thus any IP masquerading in the firewall is defeated and may enable an attack on the hosts table (and other attacks).

Also they may download a trojan horse which will activate when re-connected to the network.

Basically you might as well throw away the firewall if you're going to allow this. Try simulating an attack by running SATAN against your system when a modem is connected.
...and then tell the MD the results. Those 'legitimate' requirements may not seem so important.
 
As long as you have the modem and the NIC card in separate hardware profiles on these systems (so the system must be restarted in a diff. hardware profile to switch between LAN & modem usage) your security will not be nearly so weakened by the usage of the modems. If, however, ONE PERSON connects using a modem while still on the LAN you have increased your vulnerability by a factor of 5x-10x.

-Robherc
robherc@netzero.net
*nix installation & program collector/reseller. Contact me if you think you've got one that I don't :)
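A defender-side check for the condition described in the post above (a modem connected while the PC is still on the LAN), added here as an example and not part of the original thread. It parses `ipconfig /all`-style output and flags a host where a PPP (dial-up) adapter and a LAN adapter both hold an IPv4 address; the sample output, adapter names and addresses are constructed.

```python
import re

# Constructed sample laid out like Windows `ipconfig /all` output. Adapter
# names and addresses are made up (RFC 1918 / RFC 5737 ranges).
SAMPLE_DUAL = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example 10/100 NIC
   IP Address. . . . . . . . . . . . : 10.1.2.30
   Default Gateway . . . . . . . . . : 10.1.2.1

PPP adapter Example ISP:

   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   IP Address. . . . . . . . . . . . : 203.0.113.77
"""
# Same host with the LAN side down (address shown as 0.0.0.0), and a host
# that never dialed out (no PPP section at all).
SAMPLE_MODEM_ONLY = SAMPLE_DUAL.replace("10.1.2.30", "0.0.0.0")
SAMPLE_LAN_ONLY = SAMPLE_DUAL.split("PPP adapter")[0]

# Section headers start in column 0; property lines are indented.
HEADER = re.compile(r"^(?P<kind>\S.*?) adapter (?P<name>.+):\s*$")
ADDRESS = re.compile(r"^\s+IP(?:v4)? Address[ .]*:\s*(?P<ip>\d+(?:\.\d+){3})")

def active_adapters(text):
    """Return {(kind, name): [ip, ...]} for adapters holding an IPv4 address."""
    active, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = (header["kind"], header["name"])
            continue
        addr = ADDRESS.match(line)
        # 0.0.0.0 means the adapter is present but not connected.
        if addr and current and addr["ip"] != "0.0.0.0":
            active.setdefault(current, []).append(addr["ip"])
    return active

def is_dual_homed(text):
    """True when a dial-up (PPP) adapter and any other adapter are both up."""
    kinds = {kind for kind, _ in active_adapters(text)}
    return "PPP" in kinds and bool(kinds - {"PPP"})

if __name__ == "__main__":
    for label, sample in [("dual", SAMPLE_DUAL), ("modem only", SAMPLE_MODEM_ONLY),
                          ("LAN only", SAMPLE_LAN_ONLY)]:
        print(label, "->", "ALERT" if is_dual_homed(sample) else "ok")
```

A check like this only reports the condition; separate hardware profiles or a per-host firewall, as discussed in the thread, are what prevent it.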
 
Alt-
    Will that stop our old friend? (BO)

-Robherc
robherc@netzero.net
*nix installation & program collector/reseller. Contact me if you think you've got one that I don't :)
 
If they are calling only ISPs, an (expensive) solution is to use a router, such as from Ramp 300 series, that routes dialup to ethernet (in this case with an external modem), place a firewall (ramp 700s) between the station and the router. Cloud->Router->Firewall->WS. Then each dialup is firewalled. SBE used to make a router that held a PCMCIA card.

OR to use the existing internal modems, install firewall software on each dialup, like WinGate or WinProxy.
 
Hi,
I am looking for a solution to the same problem.
Any advice would be greatly appreciated.
sarveshwar.rao@cygnion.com
 
I missed this thread the first time round, but my advice would be to take the modems off the users, and provide an ISP connection via the LAN.

That way you control what is going in and out of the network, and remove many potential problem areas.
 
Can the originator of the message please write back (Vivian.Rodriguez@balancedit.com.au) with the solution that they went with? I have the same issues with a network that I'm looking at. To make matters worse, modem users will soon increase up to about 100 (from 20-30).

Thanks

 