Firewall Wizards mailing list archives

RE: Disabling NIC when modem is connected


From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com>
Date: Tue, 19 Feb 2002 15:37:12 -0500

Fabio--

> Is there a way to disable the NIC of a Windows based machine
> when the modem is connected to the Internet?
Not using any readily-available solution of which I'm aware.
It should be possible to do this with purpose-written code--one
would need to insert a shim into the NIC driver and the modem
driver, and only allow one at a time to be in use.

I know that there was discussion about 8-10 months ago of
a VPN client software installation that could force certain
requirements to be obeyed on the client PC before allowing
connection to the VPN gateway/server piece.  I don't recall
what software was discussed, what the venue for discussion
was, or whether the software ever got beyond the vaporware
stage--so I don't know if that's much help.  (If anyone *does*
come up with software that does this and is stable, please
advise.)

Note also that unless such a software installation is running
on WinNT/W2K/XP and the user has only a non-privileged account,
it's unlikely to be able to accomplish much.  Anyone with
console access to Win9x/WinME/XPHome can bypass such a set of
shims trivially.  Inbound connections to our corporate network
are required on paper to obey the same rules--one can connect
either to the corporate network *or* to an internal/customer
network, but not both.  (Some items such as internal e-mail and
timecharging software are available through web interfaces and
constitute specific exceptions--this is more about access to
internal file servers, SAP, etc.)  However, the enforcement of
these rules is more through awareness and AUP agreements than through
technological means--for just such reasons.

> I think that a machine connected to the internet via modem and
> plugged into the internal LAN can be a security risk, while it
> is bypassing the firewall.
And similarly, an external machine connected to the Internet and
also (through a dial-in or VPN connection) to an internal network
can be a problem.  However, for the specific issue you raise
above, the typical fix is to not allow internal users to add
modems to their systems.  Again, this is more of a policy
and awareness enforcement item, but we've also used wardialing
in the past as one tool to help clients verify that internal
users are complying.

In other words, your concerns are valid and I don't have an
immediate and painless solution.  Perhaps someone else does.
Hope this helps--

--
Rip Loomis
Senior Systems Security Engineer, SAIC CIST
Brainbench MVP for Internet Security
http://www.brainbench.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
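Added illustration of the "modem *or* LAN, not both" rule Rip describes above. This is example code written for this archive page, not something posted to the list or shipped by any vendor. It assumes a text snapshot in the style of Windows `ipconfig /all` (the sample below is constructed, with invented adapter names and addresses) and treats any PPP adapter that holds an address as a live dial-up link and any non-PPP adapter that holds an address as a live LAN connection. It only reports which LAN adapters would have to be disabled; actually disabling them is left to whatever admin tooling the site uses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the style of Windows `ipconfig /all` output, showing a
# LAN adapter and a dial-up (PPP) adapter that are both up at the same time.
# Invented test data, not output captured from any real host.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : workstation01

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        IP Address. . . . . . . . . . . . : 10.1.2.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.2.1

PPP adapter My ISP:

        Connection-specific DNS Suffix  . :
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        IP Address. . . . . . . . . . . . : 203.0.113.77
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 203.0.113.77
"""


@dataclass
class Adapter:
    kind: str                  # text before "adapter" in the header, e.g. "Ethernet" or "PPP"
    name: str
    ip: Optional[str] = None
    gateway: Optional[str] = None

    @property
    def is_dialup(self) -> bool:
        # Dial-up (RAS) links are listed by ipconfig as PPP adapters.
        return self.kind.upper() == "PPP"

    @property
    def is_up(self) -> bool:
        # No address, or 0.0.0.0, means the adapter is not carrying traffic.
        return bool(self.ip) and self.ip != "0.0.0.0"


HEADER_RE = re.compile(r"^(.+?) adapter (.+):$")
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*: ?(.*)$")


def parse_ipconfig(text: str) -> List[Adapter]:
    """Parse the per-adapter sections of ipconfig /all-style text."""
    adapters: List[Adapter] = []
    current: Optional[Adapter] = None
    for line in text.splitlines():
        header = HEADER_RE.match(line.strip())
        if header:
            current = Adapter(kind=header.group(1), name=header.group(2))
            adapters.append(current)
            continue
        field = FIELD_RE.match(line)
        if not field or current is None:
            continue  # global lines such as Host Name belong to no adapter
        key, value = field.group(1), field.group(2).strip() or None
        if key == "IP Address":
            current.ip = value
        elif key == "Default Gateway":
            current.gateway = value
    return adapters


def lan_adapters_to_disable(adapters: List[Adapter]) -> List[str]:
    """Apply the one-path-at-a-time rule from the thread.

    If any PPP link is up while any non-PPP adapter is up, return the names
    of the non-PPP adapters that would have to be disabled to get back to a
    single network path. An empty list means the host is compliant.
    """
    dialup_up = [a for a in adapters if a.is_dialup and a.is_up]
    lan_up = [a for a in adapters if not a.is_dialup and a.is_up]
    if dialup_up and lan_up:
        return [a.name for a in lan_up]
    return []


if __name__ == "__main__":
    found = parse_ipconfig(SAMPLE_IPCONFIG)
    for a in found:
        print(f"{a.kind:>8} {a.name!r:28} ip={a.ip} up={a.is_up}")
    print("LAN adapters to disable:", lan_adapters_to_disable(found))
```

Run on the constructed sample it reports `Local Area Connection` as the adapter to shut off while `My ISP` is connected; with the PPP section removed, or its address cleared, it reports nothing. As Rip notes, a check like this only has teeth when the user cannot simply stop it, so it belongs in a service running under a privileged account on NT-family systems rather than on a Win9x desktop.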
