Chris <chris @
fishcons .
demon .
co .
uk> asks:
>I have a connection to the net through a Gauntlet firewall. I want to run a
>web server (NT) and have received conflicting advice as to where it should be
>located, internal or external to the firewall.
>In addition, what other risks need to be considered with using an NT server
>either internal or external.
If your site considers its data important enough to protect using
a firewall, you should place an NT server *outside* the firewall.
Why? Because NT is too new for people to know how to secure it against
sophisticated attacks. Given that it only earned a C2 security rating,
it probably won't withstand sophisticated attacks anyway. So if it's
inside your firewall and someone subverts it through the http server,
your network can be accessed from the inside.
On the other hand, NT is also new enough that few attackers are going
to know how to successfully attack it. That'll probably change as time
goes on, though. Either NT will be a failure and will resist attack
because it's not well known, or it will be a success and everyone will
know about its holes.
Rick.
smith @
sctc .
com secure computing corporation
Follow-Ups:
|
|
