Re: pcanywhere

["Joe Ippolito" <joe () joesnet com>]

My take on it:  Do not allow remote control applications run through your
firewall.  Once they are in they are in and you might as well not have a
firewall.  If they cannot administer their NT server with the administration
utilities that MS provides through a VPN or secure RAS connection then they
should fix their server.  If the server has a non-routable address (e.g.
10.x) and they first establish a secure VPN connection to your firewall,
then and only then, you may want to consider a remote control application.
You get to decide what level of proof they will need to provide that
absolutely nothing else will work.


----- Original Message -----
From: Joseph S D Yao <jsdy () cospo osis gov>
To: <shad0wlight () pop softhome net>
Cc: <firewall-wizards () nfr net>
Sent: Tuesday, October 12, 1999 12:03 PM
Subject: Re: pcanywhere


> > What is the opinion of the list about allowing pcanywhere across
> > a vpn connection to control some NT systems.  I am not
> > comfortable, but getting a lot of pressure in allowing that
> > through the firewall.
> >
> > Thanks In Advance.
> > - Deepak
>
> If it were through a firewall, I would exhort you to resist the
> pressure.  However, within the VPN - IF it's a properly designed VPN,
> and IF you trust most of the people inside, then there should not be
> much of a difference between that and a LAN.
>
> Not sure I'd run it on a LAN, either.
>
> --
> Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
> COSPO/OSIS Computer Support EMT-B
> -----------------------------------------------------------------------
> PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
>      mail to sys-adm () cospo osis gov
> -----------------------------------------------------------------------
>       This message is not an official statement of COSPO policies.