I have a few questions that I hope that the group can answer to some
degree for a Windows NT 4.0 setup:
1) Microsoft Proxy 2.0 is very easy to administer. To allow services
that aren't already proxied (HTTP/SHTTP/FTP) administrators have
simply allowed the installation of Winsock on client computers and
allowed the traffic through the Winsock proxy. An example would be
AOL, POP, or a proprietary protocol that you initiate through a
specific port, but subsequent connections can't be tied to a specific
return port. What known risks is being taken on by freely allowing
these Winsock services through the Winsock proxy. After all, it *is* a
proxy.
2) Microsoft Proxy 2.0 recommends that the server service be unbound
from the Internet NIC. For easy administration, administrators still
allow the server service to be bound to the *internal* NIC. (Remote
administration of IIS, disk volumes, remote backup, etc.) Are there
any risks with this implementation?
Your answers would be appreciated. I'm curious what technical security
reasons would cause these configurations to be insecure. Please,
simply stating that because it is a proprietary Microsoft product,
thus insecure, doesn't really help anyone.
Thank you!
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
|
|
