firewall port requirements for windows fall-back authentication

From: enrico sabbadin (sabbadin_at_infinito.it)
Date: 10/20/03 

Date: Mon, 20 Oct 2003 10:46:35 +0200

Hi,
I've been researching through the web and I've somehow understood what ports
must be open in a firewall
to have NTLM and Kerberos authentication succeed.
I then have read some MS docs stating that "if a firewall is in-between" the
best solution is to use the fall back authentication mode .. that is having
two matching local accounts on the client and a server (say a web server
(Client) and an applciation server (server).

I'm well aware of the fall-back mechanism .. still what I don't know in what
terms this approach solves the problem ..
that is .. what port do not need anymore to be opened when using fall back
authentication ?

thank for you help

p.s.: I'd like to understand if IPSEC can be used to bypass these issues ..
I've read soem docs about it but some say yes, other say no .. can someone
explain ?
again .. thanks a lot 

-- 
sabbadin@sabbasoft.com
MTS - COM+ - VBCOM - Enterprise Services - Security FAQ
.NET & COM+ books selected list
http://www.sabbasoft.com
"Moving fast is not the same as going somewhere." -Robert Anthony

Relevant Pages

  • Re: Outlook using RPC over HTTPS does not authenticate using the Kerberos Realm
    ... Used Outlook in Safe Mode, ... For testing, client and server are on the same network, so no proxy server. ... Please first select "Integrated Windows Authentication" on the PRC virtual ... Disable firewall or antivirus on PC, ...
    (microsoft.public.exchange.admin)
  • Re: Interesting webserver intrusion (apache 1.3.31, mod_ssl 2.8.18, php 4.3.7)
    ... > fairly tight(only allowing 4 ports in), but perhaps I could tighten it ... The host systems firewall rules govern the access to the jailed system. ... What connections does your server need to ... Perhaps there is a 0-day for your ftp server out there. ...
    (Incidents)
  • Re: Add 2nd NIC after intial install?
    ... My biggest question with 1 NIC is: even if workstations are protected with individual firewall products, what is protecting the SBS server itself if ports are open for remote access through the Linksys firewall? ...
    (microsoft.public.windows.server.sbs)
  • Re: Source Code to Filter out WindowsMessenger POP-UPS
    ... Zone Alarm does NOT support 'server'. ... Very few ports are open, ... >What you are asking for amounts to a firewall. ... I would NOT search for source code to compile ...
    (microsoft.public.inetserver.iis.security)
  • Re: Using Office Outlook with exchange server behind windows firewall
    ... On our network I have windows firewall turned on, on both my small business server and my windows xp workstations. ... Based on an article I read about all the ports that exhange may use I also tried making exceptions for ports ...
    (microsoft.public.windows.server.sbs)