netcomm wrote:
>
> Hi All
>
> I was going through available services in FW-1. It has DCE RPC etc.
> I am trying to make a stand-alone NT server (in the DMZ) a member server
> of a domain which is behind a firewall (FW-1)...
> Now I don't want to use TCP/IP for this, I want to use NetBEUI only... but FW-1
> allows rules for objects defined on IP address only???
Why, oh WHY would you want to allow your DMZ server to communicate with
your internal network through NetBEUI?!?!?!

You might as well NOT have a firewall between the "DMZ" and the
internal network! If you'd ever find a "firewall" (buaha) that'd
allow it, you'd find yourself in a situation where you get LESS
protection than you'd get from an ordinary router using NetBIOS
over TCP/IP.

And on another note: allowing DMZ servers to communicate with
the internal network (through NetBIOS makes it twice as bad)
and having them be in the same domain is an exceptionally bad idea.

I'd recommend that you go buy a good book on firewalling, and
read and thoroughly understand the basic concepts of security,
and how different protocols function and impact security.

My personal recommendation would be "Building Internet Firewalls",
that is now out in its second edition. It even describes the
characteristics of NetBIOS and SMB. (The most important part
is the summary: "Don't allow SMB across your firewall" :) )
ISBN: 1-56592-871-7
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]