> Let me add another one on our list which you will probably find interesting
> (meaning you may like it a lot or you may have alarm bells going off in your
> head), available in the next (3.05) release of EagleNT:
> NT Domain Authentication
> This means that instead of transferring or creating all your users and
> passwords on the firewall, you can tell the EagleNT to authenticate a user
> by having the firewall contact an internal PDC to authenticate based on its
> user and password database. We simply pass the user and password
> information to the PDC and wait for an answer of yes or no. The customers
> who know this is coming are really pumped. NT customers are addicted to the
> NT Administration paradigm and like having all their user information in one
> place. Having the firewall use it is a big plus. I'm not aware of any
> security holes per se for the firewall interacting with the PDC (a one way
> interaction), but I'm sure this group might propose some for us to think
> about :-))).
I don't know about a *hole*, but it does mean that the security of the
firewall function is dependent on the security of your PDC. I have some
misgivings about this, though at least if they snoop the OWF password
it doesn't mean they'll be able to use it to get through the firewall
since I can't think of any way to trick the firewall into passing that
through unscathed.