I am using OpenBSD as our firewalled Internet connection. We have several different facilities and we use Windows NT as the authentication server for users to log onto the system. I use port redirection to send information to where it has to go. This allows me to log and watch all activity, while protecting our intranet. Our NT is using a private IP address and the gateway address on the BSD box is how everyone can get to the Internet. This protects the NT system, while allowing VPN from different locations to the intranet and still have protected access to the Internet. You will need to use LMHosts on the NT system and I suggest having a 2nd system using FreeBSD as your NAT and a DMZ or Bastion host system where the outside world will be sent if someone does break into your system.

[EMAIL PROTECTED] wrote:
>
> At 11:28 AM 10/4/2002 +1000, you loudly proclaimed:
> >Peoples,
> > I have been having a few issues with a Windows NT system and the
> > mountain of insecurities associated. I am now looking at alternative
> > solutions that should help secure the system.
> >
> > The best thought I have come up with so far is to put the Windows NT
> > Server with MS Sql on it behind a Linux box. But, also removing the
> > internet ip addressing of the Windows NT server and giving it local
> > ip addressing. IE moving from 61.X.X.X to 192.168.X.X.
> >
> > The Windows NT Server is mainly used on ports 919, 1433, and 3140.
> > Does anyone see a problem installing Port Forwarding on the Linux
> > box redirecting these ports. With the added defence of an IP Tables
> > firewall this should remove almost all possibilities to exploit the
> > server providing the Linux server is not breached.
> >
> > I still wish to run the security updates on the Windows NT Server
> > and the MS SQL Server however I need a long term solution which will
> > resolve the difficulties that we are currently experiencing.
> >
> > So what do you think ??
>
> Depending on if you need public access or not to the server, you
> could also tunnel the sql traffic through SSH. I'm doing that with
> VNC for a remote user.

--
Kevin McKinstry, MIS Manager
Shelton, Washington
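
The port-forwarding setup proposed in the quoted message, sketched as an added example that is not part of either message: a script that prints an `iptables-restore` ruleset forwarding the three named ports to the NT server behind a default-deny FORWARD policy. The interface names, the NT server address, the source allowlist and the use of TCP are assumptions, and only these inbound forwards are permitted.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset for the forwarding box; applies nothing.
# Every value here is an assumption for illustration, not from the thread.
WAN_IF="${WAN_IF:-eth0}"                 # Internet-facing interface (assumed)
LAN_IF="${LAN_IF:-eth1}"                 # interface facing the NT server (assumed)
NT_ADDR="${NT_ADDR:-192.168.0.10}"       # placeholder private address of the NT server
ALLOWED_SRC="${ALLOWED_SRC:-0.0.0.0/0}"  # narrow to client networks if public access is not needed
PORTS="${PORTS:-919 1433 3140}"          # ports named in the thread; TCP is assumed

gen_rules() {
    # nat table: rewrite the destination of permitted inbound connections.
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for p in $PORTS; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -s $ALLOWED_SRC -p tcp --dport $p -j DNAT --to-destination $NT_ADDR:$p"
    done
    printf '%s\n' 'COMMIT'

    # filter table: default-deny, so a DNAT rule alone never opens a path.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Admin SSH to the firewall itself, from the LAN side only (assumed).
    printf '%s\n' "-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT"
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $PORTS; do
        # FORWARD sees the packet after DNAT, so match the translated address.
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -s $ALLOWED_SRC -d $NT_ADDR -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log whatever falls through to the DROP policy.
    printf '%s\n' '-A FORWARD -j LOG --log-prefix "fwd-drop: "'
    printf '%s\n' 'COMMIT'
}

gen_rules
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.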