RE: [fw-wiz] NTLM authentication from DMZ
From: Bill Royds (broyds@rogers.com)
Date: 09/21/02
- Next message: manatworkyes moderator: "RE: [fw-wiz] NTLM authentication from DMZ"
- Previous message: Frank Knobbe: "RE: [fw-wiz] NTLM authentication from DMZ"
- In reply to: Dawes, Rogan (ZA - Johannesburg): "RE: [fw-wiz] NTLM authentication from DMZ"
- Next in thread: Noonan, Wesley: "RE: [fw-wiz] NTLM authentication from DMZ"
From: "Bill Royds" <broyds@rogers.com>
To: "Dawes, Rogan (ZA - Johannesburg)" <rdawes@deloitte.co.za>, "'Noonan, Wesley'" <Wesley_Noonan@bmc.com>, "'Mikael Olsson'" <mikael.olsson@clavister.com>, "Jan van Rensburg" <jan.van.rensburg@epiuse.com>
Date: Sat Sep 21 17:22:01 2002
The Symantec Enterprise Firewall (SEF) and its Velociraptor appliance clone have a full CIFS/SMB proxy that can limit traffic to only specific NetBIOS services. I still would only allow the SMB connection between a DMZ and internal over this, but it may help.
-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Dawes, Rogan (ZA - Johannesburg)
Sent: Fri September 20 2002 11:32
To: 'Noonan, Wesley'; 'Mikael Olsson'; Jan van Rensburg
Cc: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] NTLM authentication from DMZ
Below.
>
It would appear that one of the other webmail programs, with access to the
mailboxes via IMAP, directories via LDAP, and outbound mail via SMTP would
be a lot easier to secure, in particular, securing the internal network from
compromise of the webmail server. This is primarily because a firewall can
limit the functions that are permitted.
And that is really what we are talking about, isn't it? We put the webmail
server in a DMZ, because we want to be prepared for the webmail server being
compromised. The trick is to limit what can happen when it is cracked. It's
not so easy with OWA.
When someone builds a stateful or proxy firewall that can disallow functions
within NBT sessions, I will feel happier about permitting NBT through it.
But not until then.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards