Re: Providing Visitor Access

From: CTillett@harcourt.com
Date: 12/09/02

    To: "Sinha, Amitabh (Amit)" <asinha3@agere.com>
    From: CTillett@harcourt.com
    Date: Mon, 9 Dec 2002 12:47:25 -0500
    
    

    Good questions, I will try to make our solution more clear....

    First, only authorized vendors are allowed to use this restricted VLAN.
    They have to sign the same agreement to use our network as any employee,
    contractor, etc. Second, we permit HTTP through our content controls and
    IPSEC on a case by case basis. We cannot guarantee that their content will
    not be stolen, so that is their responsibility. We are simply providing a
    transport so that our vendors can work with us. In the future, we are
    looking at just providing a DSL connection that is not connected to our
    network at all.

    Chris

    From: "Sinha, Amitabh (Amit)" <asinha3@agere.com>
    Date: 12/09/2002 11:20 AM
    To: "'CTillett@harcourt.com'" <CTillett@harcourt.com>, wbjw@mindspring.com
    cc: jon kintner <jon.kintner@lvcm.com>, Rick Darsey <rdarsey@aims1.com>,
    security-basics@securityfocus.com, ssgill@gilltechnologies.com,
    wbjw@mindspring.com
    Subject: Providing Visitor Access
                                                                                                       
                                                                                                       

    This brings up some interesting questions.

    Would there be any legal issue with allowing open access from within your
    company (for this restrictive network)? Is web type access going through a
    proxy that is filtering? (Could the company be liable if something illegal
    is done from the company owned IP space (child porn etc.)? Any due
    diligence issues?? OR if a visitor's information is stolen from the
    Internet while they were connected from this unrestricted vlan?)

    Are more and more companies providing this type of unrestricted access to
    their visitors? How are others doing this? Is there an industry standard or
    a general practice ...

    Thanks,
    Amit

    -----Original Message-----
    From: CTillett@harcourt.com [mailto:CTillett@harcourt.com]
    Sent: Thursday, December 05, 2002 10:25 PM
    To: wbjw@mindspring.com
    Cc: jon kintner; Rick Darsey; security-basics@securityfocus.com;
    ssgill@gilltechnologies.com; wbjw@mindspring.com
    Subject: RE: Preventing DHCP from allocating IPs

    We are dealing with this right now. We are creating an "area" on each
    floor that visitors can use. The ethernet ports in these areas will be
    using a private vlan that provides IP connectivity and Internet access
    only. These areas are ACL'ed off from our enterprise network. It is not
    perfect, but since we have good physical security and all other ports on
    the switch are disabled by default, it allows our vendors to use our
    network as a transport service only. I hope this helps a little.

    Chris Tillett


