Firewall Wizards mailing list archives

Re: [NT WAN]


From: "Ricardo E.Villadiego O." <ricardovilladiego () usa net>
Date: 27 Jul 99 11:56:05 EST

Neil.

All your options depend on the type of firewall that you're trying to
implement; however, the best way to implement a secure NT WAN is through using
a VLAN implemented directly from the firewall (if you're using an F-1, you can
do this). Anyway, PPTP is not 100% secure, therefore you absolutely need to
configure strong security policies on your NT machines and firewall after a
complete assessment of the ports and network resources used by your network
application and the Internet services that you require with it.
The real problem that I see is that I suspect you are going to expose some
critical apps after the DMZ or on the DMZ.

Regards

RVO


Neil Ratzlaff <Neil.Ratzlaff () ucop edu> wrote:
I am looking for some strong reasons to refuse to allow an NT WAN through
the firewall.

There is a department here that wants to set up a wide area network of
several NT machines scattered over several states.  All they have said they
want is to share files and printing.  One of the local hosts would be
behind the firewall, and they wanted to know how to get through the
firewall, so I got called in.  I manage the firewall, but I don't do policy
of any kind.  I assume they would at least use PPTP, but I read recently
that although M$ improved it, it still is not very secure.

I have the feeling this is a terrible idea.  They want to have clients go
both ways through the firewall, and I assume these clients are Windows 95,
98, and NT.  Can anyone point me to places that list or describe the risks
in simple English?  Or maybe it is not as dangerous as I think it is, and
this would be useful information, too.  I suspect that even if this were
all outside the firewall, it would still be a terrible idea, but I don't
know enough about NT to be sure, or to provide reasons.

Is there some paper somewhere that I can point to that shows why this is a
bad idea?   Perhaps vulnerabilities that can't be patched?  I appreciate
any help anyone can provide.

Neil 

