--- Begin Message ---
In article <33956691 .
57F6 @
pdx .
com .
my>, Wong <smwong @
pdx .
com .
my> writes
Hi, I'm sorry to mail this responce to you but, I have never been able
to get a posting through to this news group. If you wish to post it fore
me that would be appreciated!
Your message follows:
Received: from axelf.demon.co.uk ([158.152.252.32]) by punt-
2.mail.demon.net
id aa0611217; 6 Jun 97 10:35 BST
Message-ID: <L55KsCAAm9lzEwPz @
axelf .
demon .
co .
uk>
Date: Fri, 6 Jun 1997 10:33:52 +0100
To: muc-lists-firewalls @
moderators .
uu .
net
From: Simon Foley <SIMON @
axelf .
demon .
co .
uk>
Newsgroups: muc.lists.firewalls
Subject: Re: Microsoft Proxy Server
Path: axelf.demon.co.uk!SIMON
References: <882564A1 .
00018A6A .
00 @
isc_domino .
iscci .
com>
<33956691 .
57F6 @
pdx .
com .
my>
Lines: 71
Organization: Eric Cantona Is God
MIME-Version: 1.0
Distribution: world
X-Newsreader: Turnpike Version 3.03a <ifsrTkjYH1CykbEdC9MaZ3yG8a>
In article <33956691 .
57F6 @
pdx .
com .
my>, Wong <smwong @
pdx .
com .
my> writes
Just thourght I would add my two pence worth, and I use MSProxy!
>> Remote Administration via Internet Service Manager allows Microsoft Proxy
>> Server to be managed from any Windows NT system on the network.
>>
correct me if I am wrong but if you use the http administration utility,
the passwords are transported in *ENCODED* *CLEAR TEXT* authentication
and hence you would be mad to administer the proxy via this method.
However I do not know weather this administration can occur through the
internet side of the server. It would be a major breach of security it
was!
I suspect this will only be the case if you were allowing web publishing
on the same server, ie allowing listening on port 80. *NOT* a good thing
to do at all. Any bugger on the internet would be able to try to logon
as an administrator!!!!!!!! One would hope MS would have denied this
service to ips in the proxy's LAT, but they seem to be hinting in their
so called "security" manual that this is a risk, but do not specify
weather this is just for normal proxy usage or also the administration
service.
Anybody any ideas?
>> Integrates with NT network security domain model - Microsoft Proxy Server
>> extensively leverages the network-based Windows NT domain security model to
>> manage access permission and logging.
>>
>You must use "Trust" to connect those domains together. And, the "Trust"
>can be
>compromised to make the NT trust anybody. Sounds scary . . . .!
>>
Well to be more specific you can make the trust one way as in DomainLAN
is "Trusted" by DomainProxy but DomainProxy is not "Trusted" by
DomainLAN. The issue then becomes one of how secure is the trusting
implementation in NT. You would have to work for MS to find out as they
give bugger all information out!
>> Massive Scalability - Microsoft Proxy Server's cache is limited only by
>> Windows NY Server system resources.
>>
>Can NT scale up to 64 processors, like the SUN servers? Or 12
>processors, like the
>Alpha servers.
>>
Yes, the NT box makes a nice stand to put your Sun and Alpha servers on
:-)
Dose anybody know weather MS Proxy uses the RPC service on the NT box. I
am interested on the ports you would have to open to administer and
establish trust to a proxy on the other side of a firewall. MS say
nothing of any help! Ever called connections? My sister know more about
these issues than every MS bod I have ever talked to there!
laters
simon
--
Simon Foley
--- End Message ---
