If it was me, my firewall would not be trusted by any other part of the
network. If I need to work on it I would log in to it alone. Trusts
sometimes don't work as expected, at least for me. Seems only a very few people
should be able to log onto the firewall and it would be easy to add them by
hand and I suggest their passwords and user IDs not be the same as the rest
of the systems they log in to. This should help if someone gets the
firewall password file.
Renee Lee
UTHSCSA
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 12, 1999 8:14 AM
To: [EMAIL PROTECTED]
Subject: FW: Firewall-1 On NT
Vince/Jim et al:
OTOH, does it not make sense to make your firewall server its own domain and
then create a one-way trust to your network domain (firewall being the trusting
domain and the network being trusted)? That way, you don't have to create all
the users on your firewall box.
You can't do that unless the box is a part of a domain. In this case, it would
probably be the only box on the domain, ergo the PDC.
Regards,
Tom
Web Developer, HealthFirst
(212) 801-6214
==============================================
The opinions contained herein are mine and mine alone. I am fortunate
that HealthFirst allows me to express them to you, but they are not
responsible for what I say.
==============================================
The basic concept is that your Firewall should not be trusted to anything on
your network. The bottom line is that if you trust your Firewall to your DMZ
and your Firewall is compromised, so goes your DMZ.
Jim Lemieux
Does anyone know why Firewall-1 for NT recommends installing the software on
a workgroup instead of a domain (member server)? If so, won't I have to set up
separate accounts for each user? I'm planning on a DMZ with three NIC cards.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]