Firewall Wizards mailing list archives

RE: NTLM authentication from DMZ


From: "Bill Royds" <broyds () rogers com>
Date: Sat, 21 Sep 2002 13:41:37 -0400

The Symantec Enterprise Firewall (SEF) and its Velociraptor appliance clone have a full CIFS/SMB proxy that can limit
traffic to only specific NetBIOS services. I still would only allow the SMB connection between a DMZ and internal over
this, but it may help.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Dawes,
Rogan (ZA - Johannesburg)
Sent: Fri September 20 2002 11:32
To: 'Noonan, Wesley'; 'Mikael Olsson'; Jan van Rensburg
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] NTLM authentication from DMZ


Below.

It would appear that one of the other webmail programs, with access to the
mailboxes via IMAP, directories via LDAP, and outbound mail via SMTP would
be a lot easier to secure, in particular, securing the internal network from
compromise of the webmail server. This is primarily because a firewall can
limit the functions that are permitted.

And that is really what we are talking about, isn't it? We put the webmail
server in a DMZ, because we want to be prepared for the webmail server being
compromised. The trick is to limit what can happen when it is cracked. It's
not so easy with OWA.

When someone builds a stateful or proxy firewall that can disallow functions
within NBT sessions, I will feel happier about permitting NBT through it.
But not until then.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
