At 04:42 PM 10/16/97 +1000, Colin Linahan wrote:
>Hi everyone,
> We want to do what many may consider a security risk - allow Windows
>NT ports 137,138 and 139 between initially three geographically separate sites.
> We are wanting to run a Windows NT domain over our TCP/IP based
>WAN (which is connected to the Internet) - through CISCO routers and a
>Gauntlet 3.2 firewall running on SunOS 4.1.4 based host (which will later
>this year be running Gauntlet 4.0 for Solaris).
>Our site is the only one with a proxy-based firewall.
>...yada...
Use tunnels between trusted sites.
Remember NetBEUI is not routable.
The more holes you put in a firewall, the less of a 'firewall' it is. Open
NetBIOS ports on your firewall can become party-time for intrusions. You can
download the Altavista tunnel eval to see if it works for you, I think
that's the only tunnel that doesn't have to live on the firewall (runs on PCs
inside the firewalls). Port 6666 is opened to the IP address of the tunnel,
though only encrypted links are accepted.
BTW - Are there any other tunnels available that don't have to run on the
firewall?
Bill Stout
____________________________________________________________________________
Some people thought signing 'worst ever El Nino' warnings four months ago was
sick. Now _I'm_ sick of hearing of it every stinkin' day.
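
An added example, not part of the original message: a short Python audit that applies the advice above to a rule list, flagging any permit that exposes NetBIOS ports 137-139 and any permit for tunnel port 6666 that is not limited to the tunnel host. The one-line rule format, the addresses and all function names are constructed for this illustration and are not Cisco or Gauntlet syntax.

```python
# Constructed rule format: "<action> <proto> <src> <dst> <port|low-high|any>"
NETBIOS = {137: "name service", 138: "datagram service", 139: "session service"}
TUNNEL_PORT = 6666  # port the message says is opened to the tunnel's address

# Constructed sample rule set; 192.0.2.10 stands in for the tunnel host.
SAMPLE = """\
permit udp any any 137-138
permit tcp any any 139
permit tcp any 192.0.2.10 6666
permit tcp any any 6000-7000
deny ip any any any
"""

def port_range(spec):
    """Return (low, high) for '139', '135-139' or 'any'."""
    if spec == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit(rules, tunnel_host):
    """Return (line_no, finding, ports) for every permit rule that opens a hole."""
    findings = []
    for n, line in enumerate(rules.splitlines(), 1):
        line = line.split("#")[0].strip()   # allow trailing comments
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        if action != "permit":
            continue
        low, high = port_range(port)
        # A single port or a range that covers any NetBIOS port is a hole.
        exposed = [p for p in NETBIOS if low <= p <= high]
        if exposed:
            findings.append((n, "netbios-open", exposed))
        # The tunnel port should only be reachable on the tunnel host itself.
        if low <= TUNNEL_PORT <= high and dst != tunnel_host:
            findings.append((n, "tunnel-port-wide", [TUNNEL_PORT]))
    return findings

if __name__ == "__main__":
    for line_no, finding, ports in audit(SAMPLE, "192.0.2.10"):
        print(f"rule {line_no}: {finding} {ports}")
```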