Seems to me, if the client is willing to do it you can't really call it an "untrusted server." Foolishly trusted maybe...
I'm also confused that if I have to go through two firewalls to get to it, how can it be considered to be in a DMZ? Unless you're client is running two firewalls, to which I'd have to ask, why? Two is no better than one once a port is open on both. That aside, I'd think you have to learn more about this other server to properly analyze the risk. Is it truly in a DMZ or is netbios only open to IP addresses/ranges of it clients? Does it support, better yet, require SMB signing? > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > Sent: Wednesday, March 21, 2007 10:01 PM > To: [email protected] > Subject: Shared drives through a firewall > > Hello Group; > > I am trying to persuade a client NOT to map a drive through two > firewalls to > an untrusted server in a DMZ to run an application. I've tried Googling > Netbios and security, but get so many entries as to be useless. > > Other than the latency issues, and my ten cents that it seems to me to > be an > enormously foolish idea, can you folks offer me any further ammunition? > > Big Thanks if you can > > Eigen
