Firewall Wizards mailing list archives
Re: safety of unidirectional NT trusts
From: "S. Jonah Pressman" <jpressman () sympatico ca>
Date: Wed, 16 Jan 2002 21:26:05 -0500
Phooey! You're in a tough spot. If you follow the wishes of the decision makers, you might as well take the "D" out of "DMZ".

What about an alternative solution? Will your sponsoring decision makers pay for the hard and soft dollars for a good non-Microsoft VPN implementation (e.g. Shiva, Timestep, etc.)?

SJP

hermit921 wrote:
> I have been tasked with permitting M$ networking access between an NT server on the DMZ and other Windows machines behind the firewall. My plan is to not let the DMZ machine initiate any connections to the internal machines, but they can initiate connections to the DMZ machine. The DMZ machine should be set up to trust the internal machine, but the internal machine should not trust the DMZ machine; I know I can't control this on the firewall.
>
> I don't know much about M$ networking, I don't get to make decisions, I just implement firewall rules whether I like them or not. My main question is: is this unidirectional connection initiation and trust much more secure than bidirectional? Given that I have to allow this network traffic, can I do any better on the firewall rules?
>
> hermit921
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards