On Tue, 5 Aug 1997, mcwilkin wrote:
Microsoft DNS servers (not just any DNS/BIND running on NT) are
notoriously unstable and possibly subject to forms of attack if the
instability is taken as an indicator of harried, sloppy code.
SMTP traffic is a sizable risk. I would detemrine what server they are
using at least. Perhaps an explanation of why they need SMTP service is
in order? I do not see any reason to let the traffic thru the firewall
to them. Why not have the firewall forwarding email?
> Hi all-
>
> We recently had a request from one of our divisions to allow SMTP and BIND
> traffic to an NT box sitting on our internal network.
>
> We are completely NT ignorant. So, I thought I would start here before the
> research beings:)
>
> Our main concern is that we 'DO NOT' know what security risks are involved
> with NT and those services... If that box gets pounded on via some NT hole
> we run the risk of internal comprimise.
>
> We initialy suggested that they move the server to our DMZ but that wasn't
> received well. Or, they could set up another server that would then relay
> to the internal guy...
>
> Anyway - any comments, white papers, or NT security sites would be a great
> help.
>
> Thanks
>
> --------------------------------------------------------------------------
> Michael C. Wilkinson |
> IS - Network Analyst |
> mcwilkin @
twcable .
com |
> 1-303-799-1200 x5773 |
> --------------------------------------------------------------------------
>
Craig Brozefsky craig @
onshore .
com
onShore Inc. http://www.onshore.com/~craig
Development Team p_priority=PFUN+(p_work/4)+(2*p_cash)
References:
|
|
