My understanding is that for your NT machines to communicate it
would all be NetBIOS over TCP/IP, so you could open a well-known
port (netbios = 138 & 139 ?). That would ALLOW communications; how
you secure that or control it is another question.
If the NT machines were running other services (ftp or whatever),
that would follow the usual rules.
>>> "Wadzinski, Tom IS" <Tom.Wadzinski@heitman.com> 16/April/1997 09:01am >>>
Hello,
I have a question about TCP/UDP services not supported by a given
firewall. When I search for the right firewall for our org, I often
ask vendors about what happens if I have a service that their
firewall doesn't support. With most vendors, they'll say, "Simple,
create a "rule" that says, basically: Open port xxx for whatever
external (untrusted) sites you want to be able to communicate with
whatever internal (trusted) sites you want." They act like this is
no big deal, but isn't this really a large security risk, just
allowing any traffic on a particular port to pass?
My main goal is to create a fairly secure method of having remote
users (who are running NT Workstation 4.0, etc.) access an NT domain
through a firewall. If anyone has had success with users using
dial-up networking to log in to an NT domain through a firewall, I
would love to hear about it.
Tom Wadzinski