RE: Shared drives through a firewall



Drive mapping isn't guaranteed to use NetBIOS - this depends on the OS
and revision.
For instance, Windows began using SMB (TCP:445) on Windows 2000 and
later for remote file shares (although NetBIOS connections are still
supported for downlevel compatibility).
The problem with allowing either or (FSM help us) both across one, much
less two, firewalls is that file shares aren't the only things that use
these transports.
Remote registry and remote service control are two of my favorite examples
of SMB-carried traffic.

My favorite p1553d-0ff domain admin trick is:
for %i in (list of dcs) do sc \\%i config netlogon start= disabled & sc
\\%i stop netlogon

You won't reverse this action without a recovery console, since the DCs
in question can no longer authenticate any logon attempt. Of course,
you have to order your list properly so as to do the GCs last, but for a
domain admin, that's trivial info gathering.

The point is, if you allow direct file share access between your
security zones (or else why have a firewall between them), you create a
much larger threat than simple file mangling.

You might consider using FTPS or SSH connections; they're relatively
secure, depending on the server/client package you select.

Jim

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of aeheald@xxxxxxxxx
Sent: Wednesday, March 21, 2007 7:01 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Shared drives through a firewall

Hello Group;

I am trying to persuade a client NOT to map a drive through two
firewalls to an untrusted server in a DMZ to run an application. I've
tried Googling NetBIOS and security, but get so many entries as to be
useless.

Other than the latency issues, and my ten cents that it seems to me to
be an enormously foolish idea, can you folks offer me any further
ammunition?

Big Thanks if you can

Eigen

All mail to and from this domain is GFI-scanned.
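
Added example, not part of the original thread: a Python audit that walks a firewall rule list and reports which zone pairs end up permitting the SMB and NetBIOS transports discussed in the reply. The rule format, zone names and sample rules are constructed for illustration, and first-match evaluation with an implicit default deny is an assumption about the firewall.

```python
"""Audit a first-match rule list for SMB/NetBIOS exposure between zones."""

# SMB over TCP 445 as named in the thread, plus the classic NetBIOS ports.
WATCHED = {("tcp", 445): "SMB", ("tcp", 139): "NetBIOS session",
           ("udp", 137): "NetBIOS name", ("udp", 138): "NetBIOS datagram"}

# Constructed sample, hypothetical format:
#   action protocol source-zone destination-zone ports
SAMPLE_RULES = """\
permit tcp inside dmz 80,443
deny   tcp inside dmz 139
permit tcp inside dmz 100-500
permit udp dmz inside 53
permit ip  dmz inside any
"""

def parse(text):
    """Return (line_no, action, proto, src, dst, ports) per non-empty line."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#")[0].strip()
        if line:
            rules.append((n, *line.split()))
    return rules

def port_matches(spec, port):
    """True if port falls in a spec such as 'any', '445' or '80,100-500'."""
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(text):
    """List (src, dst, proto, port, name, line_no) for permitted transports."""
    rules = parse(text)
    findings = []
    for src, dst in sorted({(r[3], r[4]) for r in rules}):
        for (proto, port), name in WATCHED.items():
            for n, action, rproto, rsrc, rdst, ports in rules:
                if ((rsrc, rdst) == (src, dst) and rproto in (proto, "ip")
                        and port_matches(ports, port)):
                    if action == "permit":
                        findings.append((src, dst, proto, port, name, n))
                    break  # first matching rule decides; later ones are shadowed
    return findings

if __name__ == "__main__":
    for src, dst, proto, port, name, n in audit(SAMPLE_RULES):
        print(f"{src} -> {dst}: {name} ({proto}/{port}) permitted by rule line {n}")
```

In the sample, the broad range on line 3 opens TCP 445 from inside to dmz even though no rule mentions SMB, while the explicit deny on line 2 keeps TCP 139 closed.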


