Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Firewalling DCOM and brethren

From: "Magossa'nyi A'rpa'd" <mag () bunuel tii matav hu>
Date: Fri, 21 Nov 1997 21:14:27 +0100
On Fri, 21 Nov 1997, David C Niemi wrote:


It looks like I am about to involuntarily have an experience with trying to
lock down a very Microsoft-centric IIS web server which is tied to an
internal server via DCOM, Active Server Pages, and Microsoft Transaction
Server.  It obviously makes me rather nervous, but politically we may have

You might. Not me.

to do it anyway.  Has anyone out there seriously analyzed DCOM, ASP, and/or
MTS from a security standpoint who is willing to talk about it?

Using DCOM through the firewall is like you would implement a two node host,
one node being inside, the other outside. The firewall is quite pointless in
this situation.
The above is based on my very limited (sales level functional) knowledge of
what DCOM is.
If those machines would run a real OS and applications, I would still say
don't do that. Implement the DBMS on the outer side as well, and don't allow
anything to come in.

---
GNU GPL: csak tiszta forrásból
Previous By Date Next
Previous By Thread Next

Current thread: