My take on it: Do not allow remote control applications run through your firewall. Once they are in they are in and you might as well not have a firewall. If they cannot administer their NT server with the administration utilities that MS provides through a VPN or secure RAS connection then they should fix their server. If the server has a non-routable address (e.g. 10.x) and they first establish a secure VPN connection to your firewall, then and only then, you may want to consider a remote control application. You get to decide what level of proof they will need to provide that absolutely nothing else will work. ----- Original Message ----- From: Joseph S D Yao <jsdyat_private> To: <shad0wlightat_private> Cc: <firewall-wizardsat_private> Sent: Tuesday, October 12, 1999 12:03 PM Subject: Re: pcanywhere > > What is the opinion of the list about allowing pcanywhere across > > a vpn connection to control some NT systems. I am not > > comfortable, but getting a lot of pressure in allowing that > > through the firewall. > > > > Thanks In Advance. > > - Deepak > > If it were through a firewall, I would exhort you to resist the > pressure. However, within the VPN - IF it's a properly designed VPN, > and IF you trust most of the people inside, then there should not be > much of a difference between that and a LAN. > > Not sure I'd run it on a LAN, either. > > -- > Joe Yao jsdyat_private - Joseph S. D. Yao > COSPO/OSIS Computer Support EMT-B > ----------------------------------------------------------------------- > PLEASE ... send or Cc: all "COSPO/OSIS Computer Support" > mail to sys-admat_private > ----------------------------------------------------------------------- > This message is not an official statement of COSPO policies. >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:48 PDT