>At 12:46 PM 9/25/97 +0100, Anna Grieve wrote:
>>Interested to hear that you have got Winframe working through your
>>firewall. We can access the server on the local LAN via dial-up with no
>>problems, but access through the firewall is denied.
>>
>>I understand that we need to open the port 1494 for ICA traffic, but
>>this still doesn't work. We're not keen on putting the server completely
>>outside the firewall, so have you got any suggestions?

I would suggest an alternative design: put the Winframe server in your
DMZ (i.e. BEFORE the firewall).

With this alternative design, even if the Winframe server is cracked
for any reason (you can roughly protect it with NT and/or with the
access/serial router) then you lose nearly nothing.

With your design, if the Winframe server is cracked (the firewall
does not add a lot of further security except if you are using
some authentication on the firewall), then the cracker has a much
broader access to your NT network inside.

Of course, the alternate design may be unsafe IFF your secrets
(e.g. files, ...) are stored ON the Winframe server.

Any comments?

-eric
Eric Vyncke
Technical Consultant Cisco Systems Belgium SA/NV
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: evyncke @ cisco . com Mobile: +32-75-312.458