Re: Shared drives through a firewall



Eigen,

Why not have the client do push replication from the back end system to the one in the DMZ? This way the back end system wouldn't be exposed and the data needed for the front end system to run will be accessible to it.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Phil Waller" <Phil.Waller@xxxxxxxx>
Date: Thu, 22 Mar 2007 13:36:43
To:<aeheald@xxxxxxxxx>, <focus-ms@xxxxxxxxxxxxxxxxx>
Subject: RE: Shared drives through a firewall

It's just a big no no no no no NON, NEIN,

There are loads of reasons why not to - as you have said you have
googled this and been inundated with reasons why not to so I won't put
you through the pain

Can't you get the client to tunnel up to the firewall using IPSEC or
similar and then allow NetBIOS/TCP 445 or 139 from the endpoint onwards
if needs be?

Latency issues will still be a pain when tunneling due to some overhead
on building and maintaining the tunnel, CIFS access doesn't work well on
a WAN anyhow

I take it the orientation is internet --> DMZ and not Trusted --> DMZ?



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of aeheald@xxxxxxxxx
Sent: 22 March 2007 02:01
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Shared drives through a firewall

Hello Group;

I am trying to persuade a client NOT to map a drive through two
firewalls to an untrusted server in a DMZ to run an application. I've
tried Googling NetBIOS and security, but get so many entries as to be
useless.

Other than the latency issues, and my ten cents that it seems to me to
be an enormously foolish idea, can you folks offer me any further
ammunition?

Big Thanks if you can

Eigen

