List: firewalls-gc
Subject: Windows for NT firewalls
From: blackmer () nbn ! com
Date: 1994-12-31 19:22:40
Ken,
Much like your company we lack UNIX experience and are committed to an
NT 3.5 environment. We have around 20 NT servers connected by 3COM CDDI cards
to FDDI backbone driven by 3COM routers in our internal network. We have an NT
server connected to our external 3COM router running the NT beta versions of a
WEB and Gopher (both running well, by the way, with people connecting and not
even knowing they are connected to NT server vs UNIX). We also provided the
router to our internet provider so we could move some router/firewall
decisions farther away from our environment.
At this point we do major and minor access control (filtering) in
different 3COM routers to keep certain sockets out of this NT server on the
internet. The router feeding the internet backbone allows no UNKNOWN user
access from outside in.
In the NT server we do extensive logging of just about all kinds of
foreign access (the Russ Blake book, by Microsoft, "Optimizing Windows NT" was
a big help here). We do some things with code on the server. Mail, at this
point, is handled by our internet provider server. North Bay Networks, they
know a lot of UNIX.
In firewall terms we use a version of a "screened subnet". RPC 1597.
Most of the work is done in the 3COM routers in which I have a lot of
experience. We have a lot of NT AS people who are very nervous and we keep
looking at this server.
I am willing to provide the "filters" for the 3COM routers if anybody
is interested. 3COM helped on these and you get them from any 3COM technical
person.
You could also call your Microsoft people since the Microsoft stuff on
the Internet is all NT (www.microsoft.com, gopher.microsoft.com, etc.)
A BIG NOTE OF CONCERN. Maybe we are doing OK because:
1. Not that many people know, use, or care about the NT
operating system so the years of experience of attacking UNIX
systems is missing at this time;
2. There is so much more to go after than 3 years ago;
3. We pay A LOT of attention to the firewall user group and try
to match problems mentioned to our area;
4. We read all the GreatCircle, TIS, etc stuff;
5. We read the "Firewalls and Internet Security" book by
Cheswick and Bellovin. (How can I get an autograph ??)
6. It's all TCP/IP, good or bad, we stay awake;
7. It's still a test area, we have NOT bet the shop.
Lastly, as part of the MIDAS project for all the schools, cities, etc in Marin
County, we are using the UNIX operating systems with firewalls in addition to
our own NT AS environment. SO we will try to keep the best of both worlds.
WARMLY from the hot tub,
Bill Blackmer
County of Marin