NT WAN

[Neil Ratzlaff <Neil.Ratzlaff () ucop edu>]

I am looking for some strong reasons to refuse to allow an NT WAN through
the firewall.

There is a department here that wants to set up a wide area network of
several NT machines scattered over several states.  All they have said they
want is to share files and printing.  One of the local hosts would be
behind the firewall, and they wanted to know how to get through the
firewall, so I got called in.  I manage the firewall, but I don't do policy
of any kind.  I assume they would at least use PPTP, but I read recently
that although M$ improved it, it still is not very secure.

I have the feeling this is a terrible idea.  They want to have clients go
both ways through the firewall, and I assume these clients are Windows 95,
98, and NT.  Can anyone point me to places that list or describe the risks
in simple English?  Or maybe it is not as dangerous as I think it is, and
this would be useful information, too.  I suspect that even if this were
all outside the firewall, it would still be a terrible idea, but I don't
know enough about NT to be sure, or to provide reasons.

Is there some paper somewhere that I can point to that shows why this is a
bad idea?   Perhaps vulnerabilities that can't be patched?  I appreciate
any help anyone can provide.

Neil