Re: More Secured

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/05/05


Date: Fri, 4 Feb 2005 18:09:23 -0600

If you can give the users anonymous access then use FTP, otherwise their
passwords will go over the network in plain text to the ftp server. NBT
would not allow passwords to be in clear text but then you would have to
enable file and print sharing on the web server which is not a good idea to
do if it can be avoided. If your computers are all Windows 2000/2003/XP Pro
you could create an ipsec policy for connections between the server and the
internal users using kerberos for computer authentication if in a domain
[dmz computers normally are not] or pre shared key or certificates if not.
Pre shared key authentication should not be used if at all possible and it
is not hard to set up a Certificate Authority on the network to issue
certificates for computer or ipsec. The ipsec policy could be configured on
the web server to require ipsec encryption via ESP for all connections on
that adapter, for a particular protocol, or from the lan subnet and the
clients could be configured with a client/respond policy. Domain controllers
must be exempt from any ipsec policy that would require communications with
domain members which can be done with a rule for the ipsec policy that has
filters with the IP addresses of the domain controllers and a permit filter
action. Ipsec would protect users' passwords to an ftp connection and allow
the firewall to be configured with just a few rules. The links below may
help. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
 -- ipsec step by step.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/ispstep.mspx
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B233256

"Ann" <Ann@discussions.microsoft.com> wrote in message
news:794E30F1-07F6-40C8-9555-1ECD33BF73F6@microsoft.com...
> Hi All,
>
> Can someone please tell me what is more secured FTP or NETBIOS.
> What I am trying to do is I have a webserver in DMZ. I want my internal users
> to be able connect to the server in a most secured way possible.
> I have 2 options
> 1. Give a static IP address to the end user and setup a firewall rule to all
> from source and destination using netbios
> 2. Give a static IP address to the end user and setup a firewall rule to all
> from source and destination using ftp connection.
> 3. I am open for better idea.
> Which is the best and secured way to do it. (security 1st priority. ease is
> 2nd priority)
> Please help.
>
> Thanks
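
The server-side policy described in the reply, sketched with netsh ipsec static as found on Windows Server 2003 (Windows 2000 and XP use the separate ipsecpol.exe and ipseccmd.exe tools instead). This is an added example, not part of the original post; the subnet, the domain controller address, the CA name and all policy, filter and rule names are constructed placeholders.

```bat
@echo off
rem Added example. Constructed placeholder values, not taken from the post:
rem   LAN subnet        192.168.1.0 / 255.255.255.0
rem   domain controller 192.168.1.10
rem   issuing CA        "CN=Example Internal CA" (hypothetical)
rem Run on the DMZ web server from an administrator command prompt.

set POLICY=DMZ web server - require ESP from LAN

rem 1. Create the policy unassigned and without the default response rule.
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=no assign=no

rem 2. Filter list: all traffic between the LAN subnet and this server.
netsh ipsec static add filterlist name="LAN to server"
netsh ipsec static add filter filterlist="LAN to server" srcaddr=192.168.1.0 srcmask=255.255.255.0 dstaddr=Me protocol=ANY mirrored=yes

rem 3. Filter action: negotiate ESP with 3DES encryption and SHA1 integrity.
rem    inpass=no and soft=no refuse any fallback to unsecured traffic.
netsh ipsec static add filteraction name="Require ESP" action=negotiate qmsecmethods="ESP[3DES,SHA1]" inpass=no soft=no

rem 4. Rule using certificate authentication, for a server that is not in a
rem    domain. On a domain member, kerberos=yes would replace rootca=.
netsh ipsec static add rule name="LAN requires ESP" policy="%POLICY%" filterlist="LAN to server" filteraction="Require ESP" kerberos=no rootca="CN=Example Internal CA"

rem 5. Permit rule for the domain controller, needed only when the machine
rem    carrying a require policy is a domain member. The single-host filter is
rem    more specific than the subnet filter, so it takes precedence.
netsh ipsec static add filterlist name="Domain controllers"
netsh ipsec static add filter filterlist="Domain controllers" srcaddr=Me dstaddr=192.168.1.10 protocol=ANY mirrored=yes
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add rule name="Exempt domain controllers" policy="%POLICY%" filterlist="Domain controllers" filteraction="Permit"

rem 6. Review the result, then assign the policy.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static set policy name="%POLICY%" assign=yes
```

Assign the policy from the console rather than a remote session, since a mistake in the filters cuts off every LAN client that has no matching policy and certificate.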


