General discussion

security

By iordkiou ·
Hi
Your articles are great.
I have the following problem:
I have installed a local area network (Ethernet) of 23 PCs which has the format described below.
1 server which is using Windows NT4
22 clients using win98 plus
Some network hosts have a modem installed. I want to prohibit dial up internet connection from those hosts while they are also connected to the local area network, so as to protect the LAN from virus and intruder attacks. I don't have the authority to remove the modem from each one of these hosts and of course I am not able to supervise all the users because they are located in several rooms away from mine. I was wondering if there is a way so as to protect or close the LAN connection of every host which is attempting a dial up connection.
Many thanks


All Comments

security

by James R Linn In reply to security

First principle in security is to have multiple layers to ensure that the failure of any one layer doesn't compromise your system.

I would start with the physical layer. Modems need analog lines - do an audit of analog lines and make sure those users don't have one. You will find some users have fax machines, and they could "share" an analog line between the two devices.

You could remove the ability to create new connection documents through registry entries but smart users could undo that (unless you change them to NT/2000/XP and take away admin privileges).

Your best bet is to go to your management and get agreement that the threat is real, the risk is high, and that official policy should be not to dial up the net. Then you need to get that information to the users.

I'd start there, and then do the analog line audit as a follow up.

James

security

by TimTheToolMan In reply to security

Hi,

It seems to me that the situation is this...

Your LAN has either static IP addresses or dynamic DHCP served ones in a particular subnet.

When a client dials the internet he will be issued a dynamic IP address on that modem connection.
This is almost certain to be in a different network to your LAN.

That means there is no way that someone can hack into the rest of your LAN directly while someone is on the net via modem because Win98 machines don't act as routers.

BUT... That doesn't stop indirect attacks...such as a virus being loaded on the client and then propagated throughout your network. And of course that client itself CAN be subjected to attacks.

SO... Ensure that all PCs in your network (including the server) have good virus protection installed.

AND... Ensure that all the people who access the internet run a firewall program. There are free ones available if you hunt around...

www.tucows.com

...would be a good place to start looking.

A better solution would be to have a single point of access to the internet for everyone if your organisation can afford it. Perhaps a DSL or cable connection.

Then you can appropriately secure your site at the one point of access, the "Internet connection sharing machine".

Hope this helps,
Cheers,
Tim.


security

by michaeltubs In reply to security

On the machines with the modem set two hardware profiles. One has the network adapter and the other has the network card. When the user boots his PC he/she will have the option of selecting the profile they want to use. This would work better in NT4 or 2000 so that you could restrict the user from installing hardware on the machine.
