Firewall Wizards mailing list archives
Re: [NT WAN]
From: "Ricardo E.Villadiego O." <ricardovilladiego () usa net>
Date: 27 Jul 99 11:56:05 EST
Neil,

All your options depend on the type of firewall that you're trying to implement. However, the best way to implement a secure NT WAN is through using a VLAN implemented directly from the firewall (if you're using an F-1, you can do this). Anyway, PPTP is not 100% secure, therefore you absolutely need to configure strong security policies on your NT machines and firewall after a complete assessment of the ports and network resources used by your network application and the Internet services that you require with it.

The real problem that I see is that I suspect you are going to expose some critical apps after the DMZ or on the DMZ.

Regards,
RVO

Neil Ratzlaff <Neil.Ratzlaff () ucop edu> wrote:

I am looking for some strong reasons to refuse to allow an NT WAN through the firewall. There is a department here that wants to set up a wide area network of several NT machines scattered over several states. All they have said they want is to share files and printing. One of the local hosts would be behind the firewall, and they wanted to know how to get through the firewall, so I got called in. I manage the firewall, but I don't do policy of any kind.

I assume they would at least use PPTP, but I read recently that although M$ improved it, it still is not very secure. I have the feeling this is a terrible idea. They want to have clients go both ways through the firewall, and I assume these clients are Windows 95, 98, and NT.

Can anyone point me to places that list or describe the risks in simple English? Or maybe it is not as dangerous as I think it is, and this would be useful information, too. I suspect that even if this were all outside the firewall, it would still be a terrible idea, but I don't know enough about NT to be sure, or to provide reasons. Is there some paper somewhere that I can point to that shows why this is a bad idea? Perhaps vulnerabilities that can't be patched?

I appreciate any help anyone can provide.
Neil