Firewall Wizards mailing list archives
FrontPage/NTLM through plug-gw
From: Richard Trott <trott () remus rutgers edu>
Date: Tue, 21 Oct 1997 12:49:33 -0400 (EDT)
Thanks to everyone for their contributions concerning running (or not running) NTLM through a Gauntlet firewall. I've implemented a solution to the problem I faced, but I want to ask the opinions of Those More Knowledgeable Than I concerning the possible dangers that I may have unwittingly exposed myself to. A kind gentleman (who responded privately, so I'm not sure if he wants to remain nameless for one reason or another) reported to me that he had FrontPage working through FWTK using the plug-gw proxy. And Paul Ashton was very helpful in clueing me in to the sorts of dangers NTLM through a firewall might pose. I have set up the plug proxy on an unused port on the firewall to connect to the http port on the target server on a foreign network. Because that is the only server that the machines can connect to, I (more or less) don't have to worry about the users connecting to some random server that will be involved in an attack. The only big thing I have to worry about, I think, is if FrontPage w/NTLM sends the username, domain name and hostname in the clear. But this is not an added problem with the firewall. It was already a problem because the users were previously dialing into an ISP and connecting to the server (and authenticating via NTLM) that way. In short, I don't think I'm subjecting my network to any significant additional dangers doing what I've done, but I'd like to hear opinions (whether they agree or disagree with me) from others who understand NTLM, etc. better than I do. Richard Trott trott () remus rutgers edu
Current thread:
- FrontPage/NTLM through plug-gw Richard Trott (Oct 21)