Firewall Wizards mailing list archives
RE: NTLM authentication from DMZ
From: "Bill Royds" <broyds () rogers com>
Date: Sat, 21 Sep 2002 13:41:37 -0400
The Symantec Enterprise Firewall SEF and its Velociraptor appliance clone has a full CIFS/SMB proxy that can limit traffic to only specific Netbios services. I still would only allow the SMB connection between a DMZ and internal over this, but it may help. -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Dawes, Rogan (ZA - Johannesburg) Sent: Fri September 20 2002 11:32 To: 'Noonan, Wesley'; 'Mikael Olsson'; Jan van Rensburg Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] NTLM authentication from DMZ Below.
It would appear that one of the other webmail programs, with access to the mailboxes via IMAP, directories via LDAP, and outbound mail via SMTP would be a lot easier to secure, in particular, securing the internal network from compromise of the webmail server. This is primarily because a firewall can limit the functions that are permitted. And that is really what we are talking about, isn't it? We put the webmail server in a DMZ, because we want to be prepared for the webmail server being compromised. The trick is to limit what can happen when it is cracked. It's not so easy with OWA. When someone builds a stateful or proxy firewall that can disallow functions within NBT sessions, I will feel happier about permitting NBT through it. But not until then. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: NTLM authentication from DMZ, (continued)
- Re: NTLM authentication from DMZ Volker Tanger (Sep 17)
- Re: NTLM authentication from DMZ Jan van Rensburg (Sep 18)
- RE: NTLM authentication from DMZ Ben Nagy (Sep 19)
- RE: NTLM authentication from DMZ Frank Knobbe (Sep 19)
- RE: NTLM authentication from DMZ Ben Nagy (Sep 20)
- RE: NTLM authentication from DMZ Frank Knobbe (Sep 20)
- Re: NTLM authentication from DMZ Jan van Rensburg (Sep 18)
- Re: NTLM authentication from DMZ Volker Tanger (Sep 17)
- Re: NTLM authentication from DMZ Mikael Olsson (Sep 20)
- RE: NTLM authentication from DMZ Bill Royds (Sep 21)
- RE: NTLM authentication from DMZ Peter Robinson (Sep 23)
- RE: NTLM authentication from DMZ Steffen Kluge (Sep 25)
- RE: NTLM authentication from DMZ Paul D. Robertson (Sep 25)
- RE: NTLM authentication from DMZ Steffen Kluge (Sep 26)