I'm the original poster. Seems as if I'm being made to do something pretty
awful. They want me to put in an MS-Proxy machine and go around the
firewall. GULP. Now I don't know much about MS-Proxy but through this group
I've learned about DCOM and RPC and I am a bit scared of what we're doing. I
am recommending to my boss to get in writing from senior management an
understanding that what we're doing is not a very healthy thing. We are
planning to swap out Gauntlet in favor of Firewall-1, mainly at the
recommendation of the ISP. The application that is using DCOM is on a
service that normally you would think of as being used by an individual via
a dial-up ISP which would probably not be a security issue for DCOM and RPC.
I guess the only thing I can do will be to keep a close eye on this proxy
box. This fiasco (the nth of many) is the result of no central policy on how
the Internet is supposed to be used by the business. Hey, I'm just an old
bit-smasher, what do I know.

-----Original Message-----
From: Marcus J. Ranum [SMTP:[EMAIL PROTECTED]]
Sent: Saturday, May 29, 1999 6:18 AM
To: [EMAIL PROTECTED]; Paul D. Robertson
Cc: [EMAIL PROTECTED]
Subject: Re: DCOM on Gauntlet

>At the end of the day, what's the original poster to do? Tell the
>department that wants to access DCOM to get lost? Or chuck the
>firewall? Or both?

I'd start with the former. If that didn't work I'd do whatever
I could to pass the buck on responsibility for the firewall.
(The latter is probably a good general recommendation for
firewall admins under all circumstances)

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]