Suppose the Drib wished to allow employes to telecommute. In order to protect the network, they require all remote connections (other than those for the Web and mail servers) to use SSH.

a. Discuss the required changes in the network infrastructure. In particular, should the outer firewall provide an SSH proxy or a packet filter to incoming SSH connections? Why?

b. The destination of an SSH connection from the Internet might be the address of any host on the internal network. Such addresses, however, are not broadcast to the Internet and in fact may be addresses that routers on the Internet should not pass (such as 10.x.x.x). Devise a method or protocol that will continue to conceal the addresses of the hosts on the internal network but still allow SSH connections from the Internet to arrive at the proper destinations. What supporting infrastructure must the Drib add to its network?

c. The inner firewall will pass SSH connections, provided that one endpoint is the trusted administration server on the internal network. With the above-mentioned change, the destination of the incoming SSH connection may be any host on the internal network. For this question, assume that the addresses of the hosts on the internal network are kept within the internal network-in other words, that the method or protocol in part (b) is implemented. What are the security implications of allowing SSH connections to any internal host through the inner firewall? Should such connections be restricted (for example, by requiring users to register the hosts from which they will be connecting)?

d. An alternative to allowing the SSH connections through the firewall is to provide a specific host (the "SSH host") on the internal network that is also connected to the Internet. Telecommuters could use SSH to log into this system, and from it reach systems on the internal network. (The difference between this method and allowing connections through the firewall is that the user must log into the intermediate host, and from there move to the internal system. The firewall approach makes the intermediate system transparent.) Identify the minimum number of services that this system should run in order to fulfill its function. Why must these services be run? As part of your answer, identify any other systems (such as DNS servers, mail servers, and so on) that this SSH host would have to trust.

e. From the point of view of Saltzer and Schroeder's design principles [865] (see Chapter 13), is the solution suggested in part (d) better than, worse than, or the same as the solutions involving access through the firewall? Justify your answer.