
RE: [FW1] Please help: Blocking user jumping to different servers using tel net even if not authorized by firewall.




Put server B1 or B2 on its own DMZ and then set your rules up accordingly.  Are you able to move the servers to different subnets?

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, September 12, 2000 11:16 AM
> To: [email protected];
> [email protected]
> Subject: [FW1] Please help: Blocking user jumping to different servers
> using tel net even if not authorized by firewall.
>
>
>
> Dear all, relating to the following schema,
>
>
> NETWORK A                                  NETWORK B
>
> WORKSTATION A /------------/ FIREWALL /----------------------/ SERVER B1
>                                                   /
>                                                  /  SERVER B2
>
>
>
> Firewall rule:
> from workstation A to server B1: allow
> any any : drop
>
> I am wondering about a solution to prevent a user on workstation A who is
> connected to server B1 from connecting to server B2 using telnet or rlogin ...
> Even if the user does not have permitted access to server B2 from his
> workstation, up to me, he can use server B1 as a "gateway" to server B2.
>
> Thanks for your help.
>
> Philippe.
>
>



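The reply's suggestion can be checked with a small model. This is an added example, not part of the thread: it shows that traffic between two hosts on the same segment never reaches the firewall, while moving B1 to its own DMZ puts the B1 to B2 hop under the rule base from the original post. All addresses, segment names and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the thread names only Workstation A, Server B1 and Server B2.
WS_A, B2 = "10.1.0.10", "10.2.0.12"
B1_FLAT, B1_DMZ = "10.2.0.11", "10.3.0.11"

FLAT = {"net_a": "10.1.0.0/24", "net_b": "10.2.0.0/24"}
WITH_DMZ = {**FLAT, "dmz": "10.3.0.0/24"}


def segment_of(ip, segments):
    """Name of the firewall-attached segment that contains ip."""
    for name, cidr in segments.items():
        if ip_address(ip) in ip_network(cidr):
            return name
    raise ValueError(f"{ip} is not on any known segment")


def decide(src, dst, segments, rules):
    """Return 'unfiltered' if the flow stays on one segment, else the first-match action."""
    if segment_of(src, segments) == segment_of(dst, segments):
        return "unfiltered"  # delivered locally; the firewall never sees the packet
    for rule_src, rule_dst, action in rules:
        if rule_src in (src, "any") and rule_dst in (dst, "any"):
            return action
    return "drop"


def rule_base(b1):
    """The rule base from the original post: Workstation A to B1 allow, any any drop."""
    return [(WS_A, b1, "allow"), ("any", "any", "drop")]


def hop_results():
    """Outcome of the B1 -> B2 hop before and after moving B1 to its own DMZ."""
    return {
        "flat": decide(B1_FLAT, B2, FLAT, rule_base(B1_FLAT)),
        "dmz": decide(B1_DMZ, B2, WITH_DMZ, rule_base(B1_DMZ)),
    }


if __name__ == "__main__":
    print(hop_results())
```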


 
----------------------------------

All contents © 2003 Network Presence, LLC. All rights reserved.