AW: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?

[Rob van Eijk <rob@xxxxxxxxxxxx>]

If you are using NT.. then you're not safe.

 

With only port 80 opened up, only a well configured content scanning FW can stop the elite. On www.summercon.org there was an interesting speach this saturday about these kind of hacks.

 

But then this all depends what you are hiding in the back-lan. The more interesting this looks from the outside, the more the challenge:)

 

--

 MVG,

 Rob van Eijk

-----Ursprüngliche Nachricht-----
Von: cobalt-security-admin@xxxxxxxxxxxxxxx [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]Im Auftrag von jwk at Zone Alpha
Gesendet: zaterdag 2 juni 2001 7:48
An: cobalt-security@xxxxxxxxxxxxxxx
Betreff: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?

Hi,

 

Sorry if this is somewhat of an off-topic for this list.  But I just couldn't think of any place else to get a quality answer as this list.

 

I have been keeping my office's internal LAN and web servers completely disconnected in order to be absolutely sure that internal LAN segments are safe from hacking or cracking attempts. (The network cables physically do not connect between these two segments.)  This worked great from security perspective. 

 

Due to obvious drawbacks with this set up, I am now attempting to patch a line between the router to the multi-port switch serving the NT 4 based internal LAN.  Of course all internal machines will only be assigned the private network IPs starting with 168.192.  I am hoping that the machines with private network IPs will be completely inaccessible from outside.  My big question is:  Is this that simple?  Or am I missing something?  Can someone access a Internet-connected machine such as web or ftp server THEN somehow reach into internal machines using some type of Windows share?

 

Any comments would be greatly appreciated.  Thanks all in advance. 

 

James Kim