Re: Networking security question

Linux! Brilliant. They'd love that, too, it would make them all feel In the
Know, don't you know? Great idea. Thanks.

"Joe" <joe@xxxxxxxxxxxxxx> wrote in message
news:de2m0v$bvr$1$8302bc10@xxxxxxxxxxxxxxxxxxx
> Imer Satz wrote:
>> A client has an SBS 2000 network with ISA, multi-homed server and static
>> IP addresses. Among staff, there's a lot of personal Internet abuse, and
>> demand for user accounts that have no business case. They consider
>> Internet access to be an employee perk, and that's not going to change.
>>
>> I had the thought of sticking an old computer in the staff lounge,
>> assigning it a static IP address, directing it straight out the router to
>> the Internet and letting staff have their way with it. I would only need
>> to run both the router Ethernet cable and the server WAN NIC cable to the
>> switch, so the staff computer could find the router.
>>
>> My question is: could the staff computer become infected or hacked in a
>> way that could endanger the server?
>>
>> Thanks.
> There shouldn't be much more risk than from the Internet directly. If
> (when) the expendable machine gets cracked, it will probably concentrate
> on infecting its own subnet rather than random scans, but if ISA can
> stand up to automated attack this shouldn't be a problem.
>
> Now if a human cracker takes charge, that's a different matter. There's
> much more that can be done from the local subnet than from the Net
> generally, and few machines can resist a human-directed attack from
> that close a range. That's not very likely, unless your client has a
> high public profile, and it's still a hell of a lot better than having
> the machine inside ISA.
>
> Better still, put a minimal Linux on the old machine. There shouldn't
> be any trouble at all from automated probes, and at a stroke you've
> eliminated the two main user-assisted malware vectors.
>


.

Relevant Pages
Loading