Firewalls: RE: Raptor's Eagle Firewall

Firewalls
(June 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Raptor's Eagle Firewall
From:	Russ <Russ . Cooper @ RC . Toronto . on . ca>
Date:	Sat, 1 Jun 1996 20:48:57 -0400
To:	"'Peter da Silva'" <peter @ baileynm . com>
Cc:	"'Firewalls'" <firewalls @ GreatCircle . COM>

	Why would you put your firewall into the same authentication domain as 
your users?

	Maybe I'm missing something, but that seems like you're putting an awful 
lot of trust in the NT security model.

Actually, its possible to establish a trust relationship between two 
seperate NT domains such that attempts to log onto the Firewall Domain 
would be validated against an internal Administrative Domain, but accounts 
on the Firewall Domain would not be permitted to log into the 
Administrative Domain.

So even if the Firewall were compromised, none of its accounts would be 
permitted to access the resources protected internally by the 
Administrative Domain security, and remember, neither the user ID or the 
password are transmitted across the network between the two.

Cheers,
Russ

Follow-Ups:

Re: Raptor's Eagle Firewall
From: peter @ baileynm . com (Peter da Silva)
Re: Raptor's Eagle Firewall
From: Adam Shostack <adam @ homeport . org>
Re: Raptor's Eagle Firewall
From: John Betts <johnb @ aztec . co . za>

Indexed By Date	Previous:	RE: Raptor's Eagle Firewall From: Frank Willoughby <frankw @ in . net>
Indexed By Date	Next:	RE: Raptor's Eagle Firewall From: Russ <Russ . Cooper @ RC . Toronto . on . ca>
Indexed By Thread	Previous:	RE: Raptor's Eagle Firewall From: Frank Willoughby <frankw @ in . net>
Indexed By Thread	Next:	Re: Raptor's Eagle Firewall From: John Betts <johnb @ aztec . co . za>