Firewall Wizards mailing list archives
RE: Disabling NIC when modem is connected
From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com>
Date: Tue, 19 Feb 2002 15:37:12 -0500
Fabio--
> Is there a way to disable the NIC of a Windows-based machine when the modem is connected to the Internet?
Not using any readily-available solution of which I'm aware. It should be possible to do this with purpose-written code--one would need to insert a shim into the NIC driver and the modem driver, and only allow one at a time to be in use.

I know that there was discussion about 8-10 months ago of a VPN client software installation that could force certain requirements to be obeyed on the client PC before allowing connection to the VPN gateway/server piece. I don't recall what software was discussed, what the venue for discussion was, or whether the software ever got beyond the vaporware stage--so I don't know if that's much help. (If anyone *does* come up with software that does this and is stable, please advise.)

Note also that unless such a software installation is running on WinNT/W2K/XP and the user has only a non-privileged account, it's unlikely to be able to accomplish much. Anyone with console access to Win9x/WinME/XPHome can bypass such a set of shims trivially.

Inbound connections to our corporate network are required on paper to obey the same rules--one can connect either to the corporate network *or* to an internal/customer network, but not both. (Some items such as internal e-mail and timecharging software are available through web interfaces and constitute specific exceptions--this is more about access to internal file servers, SAP, etc.) However, the enforcement of these rules is more through awareness and AUP agreements than through technological means--for just such reasons.
> I think that a machine connected to the Internet via modem and plugged into the internal LAN can be a security risk, while it is bypassing the firewall.
And similarly, an external machine connected to the Internet and also (through a dial-in or VPN connection) to an internal network can be a problem. However, for the specific issue you raise above, the typical fix is to not allow internal users to add modems to their systems. Again, this is more of a policy and awareness enforcement item, but we've also used wardialing in the past as one tool to help clients verify that internal users are complying.

In other words, your concerns are valid and I don't have an immediate and painless solution. Perhaps someone else does.

Hope this helps--

--
Rip Loomis
Senior Systems Security Engineer, SAIC CIST
Brainbench MVP for Internet Security
http://www.brainbench.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards