[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Small office integration.
but if there is more then one User on the Remote (DSL) side there would be a NAT router before the Secure Remote connection, so there should not be a very strange security problem, in fact the Secure Client or any other Desktop Firewall would be a good idea if you are connecting to your Site directly useing any dialup Internet connection .... yours Oliver ----- Original Message ----- From: "Dan Hitchcock" <[email protected]> To: <[email protected]>; "Joe Voisin (FW1)" <[email protected]> Cc: <[email protected]> Sent: Friday, November 17, 2000 12:30 AM Subject: RE: [FW1] Small office integration. > > This will work. However, I would recommend against this solution from a > security perspective. SecuRemote on an always-on connection (especially > >from a static IP address) is a very nice "trusted" connection into your > internal network, both for the intended user and any hacker who manages to > subvert your machine. If you SR client is some Win98 or NT workstation, it > is not too hard for an experienced hacker > to subvert the SR client and slide into your network on this "trusted" > connection, while all of your logging makes it look like a valid SR session. > Two possible solutions: > > 1 - Checkpoint SecureClient. Way too expensive, but a seamless solution for > client-side firewalling. > 2 - Checkpoint SmallOffice. They have teamed with Intrusion.com and Ramp > Networks to build some handy little firewalls with full VPN functionality. > For low user counts, this a great solution - the licensing is much cheaper > than the full-blown FW1 license. > > Hope that helps, and isn't too off-topic. > > Dan Hitchcock > CCNA, MCSE > Network Engineer > Xylo, Inc. (formerly employeesavings.com) >> The work/life solution for corporate thought leaders > > -----Original Message----- > From: Mark Decker [mailto:[email protected]] > Sent: Thursday, November 16, 2000 1:53 PM > To: Joe Voisin (FW1) > Cc: [email protected] > Subject: RE: [FW1] Small office integration. > > > > Joe, > > Here's another option along the lines of Oliver's post, which might be > preferrable if the number of users at the remote location is small. Many > ISPs will let you have more than one user account and registered IP address > on a DSL or Cable connection, usually for a small add'l fee (e.g. $5/mo per > extra user). That way you don't need to buy a router or do NAT at the > remote location. Just attach a hub to the DSL/Cable modem and several users > can SecuRemote to their heart's content. > > Mark L. Decker > Rainfinity > [email protected] > www.rainfinity.com >> > > > Oliver Bogen wrote: > > > > I think the cheapest way will be: > > you get a normal DSL connection for your User and use Secure Remote over > > the DSL connection. > > > > in case there is more than one User you can use > > eg. a Zyxel Prestige 128l to connect your local Lan to the Internet via > > DSL and if you upgrade to SP2 it will be possible for each user to > > connect to your company via SecureRemote because with SP2 it > > is possible to use Secure Remote behind a NAT Router ...... > > > > > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|