View previous topic :: View next topic |
Author |
Message |
funkyd Just Arrived
Joined: 05 Mar 2003 Posts: 0
|
Posted: Fri Mar 14, 2003 10:45 am Post subject: What security risks are associated with ISDN? |
|
|
I have found 4 ISDN modems on users desks that are used to upload updates to our remote web hosting company.
What sort of risks are associated with ISDN - I've never used it before. Because its point-to-point I am wondering what could happen.
I am thinking that we should ditch them and use a VPN from our firewall instead because it can be managed and reduces the number of perimeter 'entrances' to our network.....
|
|
Back to top |
|
|
Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
|
Posted: Fri Mar 14, 2003 12:48 pm Post subject: |
|
|
ISDN in its own right is not insecure.
If you hookup a PC through ISDN you should have a firewall installed on the PC, otherwise you have created a backdoor onto your main network.
Ideally, you should have few paths out to the internet, and have these secured with a border router/firewall.
Jason
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Mar 14, 2003 12:52 pm Post subject: |
|
|
Yeh ISDN is no more secure or insecure than a 56k modem.
It's the same thing effectively from a security point of view, and yeh preferably only have 1 point of entry for the Internet. It's a dirty dangerous place..
The less permiter entries you have, the less work there is and less security risk.
|
|
Back to top |
|
|
Networkguy Trusted SF Member
Joined: 29 Apr 2002 Posts: 16777215 Location: UK
|
Posted: Fri Mar 14, 2003 1:16 pm Post subject: |
|
|
As Jason said, ISDN is not insecure.
But lets say a desktop user decided to connect to the Internet via it, straight away, you have a backdoor with no firewall into your corporate LAN.
Even if they are connecting to remote servers, you would need to be 100% sure that they are secure as well otherwise the back door still exists.
On top of this of course, there is the cost. Why run up the phone bill if you could VPN across your existing internet connection.
Dump them
|
|
Back to top |
|
|
funkyd Just Arrived
Joined: 05 Mar 2003 Posts: 0
|
Posted: Fri Mar 14, 2003 4:41 pm Post subject: |
|
|
Cheers guys - thought as much r.e security. I am recommending we ditch the ISDN lines and use a VPN instead. Boss should be happy with the cost saving if nothing else....
|
|
Back to top |
|
|
delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
|
Posted: Fri Mar 14, 2003 5:41 pm Post subject: |
|
|
I don't know much about VPN's but to connect to a network throught a VPN don't you need to connect to the internet first? So ISDN is connected to the internet, its just different connection types. So how is it more secure for the network. The data is more secure with additional encryption and authentication, but there is still a path open to your main network right?
|
|
Back to top |
|
|
Networkguy Trusted SF Member
Joined: 29 Apr 2002 Posts: 16777215 Location: UK
|
Posted: Fri Mar 14, 2003 5:46 pm Post subject: |
|
|
delete852 wrote: |
I don't know much about VPN's but to connect to a network throught a VPN don't you need to connect to the internet first? So ISDN is connected to the internet, its just different connection types. So how is it more secure for the network. The data is more secure with additional encryption and authentication, but there is still a path open to your main network right? |
Yes but with your company internet connection you will have put in place various security measures (eg firewalls) to protect your network.
If however somebody sticks a modem (be it ISDN or analogue) on the back of his desktop, you have just bypassed all the security and not only provided a way out, but also an unprotected way in.
|
|
Back to top |
|
|
funkyd Just Arrived
Joined: 05 Mar 2003 Posts: 0
|
Posted: Fri Mar 14, 2003 5:47 pm Post subject: |
|
|
delete852 wrote: |
I don't know much about VPN's but to connect to a network throught a VPN don't you need to connect to the internet first? So ISDN is connected to the internet, its just different connection types. So how is it more secure for the network. The data is more secure with additional encryption and authentication, but there is still a path open to your main network right? |
Yes - but we already have four internet connections that can be used. Hence we can get rid of the two ISDN lines. Also the ISDN lines are not behind a firewall - two of our internet connections are and the other two will be soon.
|
|
Back to top |
|
|
|