We're in the process of "properly" configuring our dial-in service to
originate from a second DMZ on the public side of our firewall. Our dialin
users are limited to only those few users who are out sick, telecommuters,
etc. The problem that we are currently trying to resolve is how to enable NT
users to dial into this second DMZ and still allow them to log into the
"Windows Network" (i.e. authenticate themselves to the NT server) and allow
those users to share networked
Our firewall is a filtering router/application proxy configuration.
We are currently running FWTK 2.0 on a Linux kernel. I'm a Unix admin/user, so
I know next to nothing about windows, except that ports 135-139 are a very bad
thing :) For this reason, I have the impression this access request may be
too much of a security risk. But if this is going to fly, I have to my
objective. Also, the alternative to not enabling this access request from
this "dialin DMZ" would be that there would be an NT dialin server on our
Intranet, effectively bypassing the firewall anyway.
1 - is this possible?
2 - is this an acceptable risk?
3 - what are the risks of enabling windows users through a firewall
like this?
Thanks in advance for any and all suggestions/comments,