Okay, as I sit here at 9:47 PM EDT waiting for the MCI network tech to call
back and (hopefully) get our frame relay circuit back up, I'm mulling around
something that yet another MCI techie told me this afternoon (as we were
troubleshooting why our redundant, diversely-routed, backup circuit doesn't
seem to work - sure could use it now!) as he was pinging around our network.
He said, "Hey, what's a Jet Direct?" and I told him what it was and what it
was used for and he said "Well, I just telnetted and/or pinged it [I'm not
sure which]. Don't you have a firewall there?"

To which I replied, "Why? Don't we have a private IP address space?" (All
of our IP addresses begin with 10.251.46.xxx). And he said, "Yes, but we
(meaning the MCI techs whom we pay a great deal of money to watch over our
network for us) can access it."

Afraid of seeming even more ignorant than I am, but being even more afraid
of having some gaping security flaw in our network, I asked him "What's the
big deal?" He said it was just a security thing and most of their customers
use a firewall. Then he went on to the task at hand. I assume that he was
surprised that he could ping IP addresses on our internal LAN from a remote
location. This doesn't strike me as being a particularly "bad" idea,
because I use that feature all the time to check on various devices, and/or
the integrity of the network (WAN and LAN) in general.

So, what exactly is the big deal? What would a firewall gain us, especially
since we are "invisible" to the outside world? (We are invisible, aren't
we? Or is that the emperor's new clothes?)

Confused in Network-land,

Jim Phillips
Manager of Information Systems
Therm-O-Link, Inc.
P. O. Box 285
10513 Freedom Street
Garrettsville, Ohio 44231
Phone: (330) 527-2124
Fax: (330) 527-2123
Web: http://www.tolwire.com