Firewall Wizards mailing list archives

FrontPage/NTLM through plug-gw


From: Richard Trott <trott () remus rutgers edu>
Date: Tue, 21 Oct 1997 12:49:33 -0400 (EDT)


Thanks to everyone for their contributions concerning running (or not
running) NTLM through a Gauntlet firewall.

I've implemented a solution to the problem I faced, but I want to ask the
opinions of Those More Knowledgeable Than I concerning the possible
dangers that I may have unwittingly exposed myself to.

A kind gentleman (who responded privately, so I'm not sure if he wants to
remain nameless for one reason or another) reported to me that he had
FrontPage working through FWTK using the plug-gw proxy.  And Paul Ashton
was very helpful in clueing me in to the sorts of dangers NTLM through a
firewall might pose. 

I have set up the plug proxy on an unused port on the firewall to connect
to the http port on the target server on a foreign network.  Because that
is the only server that the machines can connect to, I (more or less) 
don't have to worry about the users connecting to some random server that
will be involved in an attack.

The only big thing I have to worry about, I think, is if FrontPage w/NTLM
sends the username, domain name and hostname in the clear.  But this is
not an added problem with the firewall.  It was already a problem because
the users were previously dialing into an ISP and connecting to the server
(and authenticating via NTLM) that way.  

In short, I don't think I'm subjecting my network to any significant
additional dangers doing what I've done, but I'd like to hear opinions
(whether they agree or disagree with me) from others who understand NTLM,
etc. better than I do.

Richard Trott
trott () remus rutgers edu



