Firewalls: Re: MS-Windows PC as an email gateway

Firewalls
(January 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: MS-Windows PC as an email gateway
From:	Howard Berkowitz <hcb @ clark . net>
Date:	Tue, 30 Jan 1996 12:03:13 -0500 (EST)
To:	bwilab3!chris @ uunet . uu . net (Chris Curtin)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<m0thIT6-0000sAC @ wittsend . com> from "Chris Curtin" at Jan 30, 96 10:56:56 am

> 
> 
> Hi,
> 
> My company is looking at a quick way of getting on the Internet 
> without investing in a lot of hardware and engineering effort.
> One idea, which has management interested, is to work with a local
> ISP to get a dedicated line, either ISDN or 28.8, to tie a PC
> running MS-Windows or MS-Windows NT to the Internet. 
> 
> This PC would be an FTP server and WWW server. This PC would only
> be connected to our office network _after_ it had been disconnected
> from the ISP connection. Thus, no need for a fire wall. (So we
> can transfer files back and forth.)

You don't indicate whether the world would have any write privileges
on your server.  To keep things simple, I would not.  

If you have anonymous read and  write, do be sure these   are in 
separate directories.  The  read  directory would be read-only to
the world; the write directory would be write-only. If you don't do
this, it essentially is a given hackers will find it and use it
as a file exchange point.

Also, there is a theoretical possibiity that one could import a
trojan horse that might bring up external connections on its own.
> 
> (We are expecting the number of hits on both server to be in the
> single digits each day at this time.)
> 
> This same PC would be used for out-going access and would require
> the individual wanting to 'surf' to go to the PC.
> 
> As a short term solution is this seems pretty good. The only problem
> is that we also want e-mail. Today we use UUCP every couple of hours,
> but there is a big push to have immediate access to incoming and
> immediate outbound email, but on the internal network.

Be cautious about mail that can contain executables.
> 


Also, be sure that when the  PC  is accessile to the outside, it
does  not have any remotely mounted disks.


> Is it possible to use MS-Windows or NT as an email-only gateway?
> I am assuming we would need a second lan card or a router?
> 
> What security issues should I look out for? I assume that not
> allowing the PC to be a telnet server is a start and only exposing
> the internal email server to the PC is also a good idea.
> 
> Thanks in advance for any help or other suggestions,
> 
> Chris Curtin
> System Administrator
> 
> 
> --
> Christopher M. Curtin				Bradley Ward Systems, Inc.
> chris @
 bwilab3 .
 atl .
 ga .
 us 			750 Hammond Drive, Building 10
> 						Atlanta, Ga 30328
> 
>

References:

MS-Windows PC as an email gateway
From: Chris Curtin <bwilab3!chris>

Indexed By Date	Previous:	Re: Encryption for cable modem From: Dave Mischler <mischler @ eagle . wd . cubic . com>
Indexed By Date	Next:	Hacking Incidnet Statistics From: David Morris <dmorris @ ix . netcom . com>
Indexed By Thread	Previous:	MS-Windows PC as an email gateway From: Chris Curtin <bwilab3!chris>
Indexed By Thread	Next:	Re: MS-Windows PC as an email gateway From: Mohammed Ali <ali @ protosoft . com>