Re: NT WAN

[mritenburg () development opensite com]

1. Is the WAN using public infrastructure or private infrastructure?
2. Does this department have budget to implement a secure system?
3. What is the security level and policies of each NT machine?
4. Is file and print sharing more important that the info behind the Firewall?

If I were in charge of the Firewall, these are some of the questions I'd
ask first to determine if an NT WAN is actually a solution to the given
problem.

$.02

Matt


At 03:46 PM 7/26/99 -0700, Neil Ratzlaff wrote:
> I am looking for some strong reasons to refuse to allow an NT WAN through
> the firewall.
>
> There is a department here that wants to set up a wide area network of
> several NT machines scattered over several states.  All they have said they
> want is to share files and printing.  One of the local hosts would be
> behind the firewall, and they wanted to know how to get through the
> firewall, so I got called in.  I manage the firewall, but I don't do policy
> of any kind.  I assume they would at least use PPTP, but I read recently
> that although M$ improved it, it still is not very secure.
>
> I have the feeling this is a terrible idea.  They want to have clients go
> both ways through the firewall, and I assume these clients are Windows 95,
> 98, and NT.  Can anyone point me to places that list or describe the risks
> in simple English?  Or maybe it is not as dangerous as I think it is, and
> this would be useful information, too.  I suspect that even if this were
> all outside the firewall, it would still be a terrible idea, but I don't
> know enough about NT to be sure, or to provide reasons.
>
> Is there some paper somewhere that I can point to that shows why this is a
> bad idea?   Perhaps vulnerabilities that can't be patched?  I appreciate
> any help anyone can provide.
>
> Neil