On Wed, 24 Jan 1996, Peter Morrissey wrote:
> I'm interested in peoples' opinions on having a security
> policy that closes off this port (actually 137,138, 139) at
> the Internet firewall. Some are saying that they should
> be allowed to share there Win/95 and Win/NT resources
> over the Internet. My feeling is that there are better
> ways to accomplish this, and that it might be dangerous
> to do it this way.
I really don't know too much about NetBEUI, but it strikes me that
anytime that you allow any protocol to pass through the firewall without
having it examined, you're asking for trouble.
There exists the very real danger that the person with the
Win/95/NT box sitting on their desk could be the focal point of a well
mounted attack that used their machine as a router between the outside
world and your internal net completely bypassing your firewall.
So, yes, I'd be very inclined to agree with your analysis.
Ben.
____
Ben Samman .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
samman @
cs .
yale .
edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation." -Anais Nin
PGP Encrypted Mail Welcomed Finger samman @
suned .
cs .
yale .
edu for key
Want to hire a soon-to-be college grad? Mail me for resume
|
|
