What security risks are associated with ISDN?

Networking/Security Forums -> General Security Discussion

Author: funkyd PostPosted: Fri Mar 14, 2003 10:45 am    Post subject: What security risks are associated with ISDN?
    ----
I have found 4 ISDN modems on users desks that are used to upload updates to our remote web hosting company.

What sort of risks are associated with ISDN - I've never used it before. Because its point-to-point I am wondering what could happen.

I am thinking that we should ditch them and use a VPN from our firewall instead because it can be managed and reduces the number of perimeter 'entrances' to our network.....

Author: Jason PostPosted: Fri Mar 14, 2003 12:48 pm    Post subject:
    ----
ISDN in its own right is not insecure.

If you hookup a PC through ISDN you should have a firewall installed on the PC, otherwise you have created a backdoor onto your main network.

Ideally, you should have few paths out to the internet, and have these secured with a border router/firewall.

Jason

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Fri Mar 14, 2003 12:52 pm    Post subject:
    ----
Yeh ISDN is no more secure or insecure than a 56k modem.

It's the same thing effectively from a security point of view, and yeh preferably only have 1 point of entry for the Internet. It's a dirty dangerous place..

The less permiter entries you have, the less work there is and less security risk.

Author: NetworkguyLocation: UK PostPosted: Fri Mar 14, 2003 1:16 pm    Post subject:
    ----
As Jason said, ISDN is not insecure.

But lets say a desktop user decided to connect to the Internet via it, straight away, you have a backdoor with no firewall into your corporate LAN.

Even if they are connecting to remote servers, you would need to be 100% sure that they are secure as well otherwise the back door still exists.

On top of this of course, there is the cost. Why run up the phone bill if you could VPN across your existing internet connection.

Dump them

Author: funkyd PostPosted: Fri Mar 14, 2003 4:41 pm    Post subject:
    ----
Cheers guys - thought as much r.e security. I am recommending we ditch the ISDN lines and use a VPN instead. Boss should be happy with the cost saving if nothing else....

Author: delete852Location: Washington DC PostPosted: Fri Mar 14, 2003 5:41 pm    Post subject:
    ----
I don't know much about VPN's but to connect to a network throught a VPN don't you need to connect to the internet first? So ISDN is connected to the internet, its just different connection types. So how is it more secure for the network. The data is more secure with additional encryption and authentication, but there is still a path open to your main network right?

Author: NetworkguyLocation: UK PostPosted: Fri Mar 14, 2003 5:46 pm    Post subject:
    ----
delete852 wrote:
I don't know much about VPN's but to connect to a network throught a VPN don't you need to connect to the internet first? So ISDN is connected to the internet, its just different connection types. So how is it more secure for the network. The data is more secure with additional encryption and authentication, but there is still a path open to your main network right?


Yes but with your company internet connection you will have put in place various security measures (eg firewalls) to protect your network.

If however somebody sticks a modem (be it ISDN or analogue) on the back of his desktop, you have just bypassed all the security and not only provided a way out, but also an unprotected way in.

Author: funkyd PostPosted: Fri Mar 14, 2003 5:47 pm    Post subject:
    ----
delete852 wrote:
I don't know much about VPN's but to connect to a network throught a VPN don't you need to connect to the internet first? So ISDN is connected to the internet, its just different connection types. So how is it more secure for the network. The data is more secure with additional encryption and authentication, but there is still a path open to your main network right?


Yes - but we already have four internet connections that can be used. Hence we can get rid of the two ISDN lines. Also the ISDN lines are not behind a firewall - two of our internet connections are and the other two will be soon.



Networking/Security Forums -> General Security Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group