Re: Questions on Firewall-1 and Neighborhood Browser

From: Rodney van den Oever (roeverat_private)
Date: Fri May 29 1998 - 13:37:40 PDT

    >I have a customer that I'm working with using Check Point Firewall-1.
    
    Sorry, but I cut a *lot* of your original posting...
    
    >255.255.255.240). The firewall, internal network, and DMZ are all in the
    >same WindowsNT domain. The firewall is a standalone server. The customer
    
    Are you referring to the classic DMZ description, or the Checkpoint one?
    
    So your external victim hosts are trusted by your internal servers. If
    anything happens to them the entire network could be compromised. It's like
    a bypass around the firewall!
    
    Create a separate domain, block all browsing, only patch a specific
    workstation to the DMZ to manage the web-/ftpserver(s).
    
    >that they can see the shares that are available. By default, the user
    >will not see these because the NetBEUI protocol is not routable, (the
    
    Don't confuse NetBEUI with NetBIOS. NetBEUI is a network protocol like IP.
    NetBIOS is a session-layer protocol that can run on top of IP, IPX or
    NetBEUI.
    
    >internal network. I define a peering between the two (2) WINS servers
    >and force a replication. The DMZ WINS server pushes and the internal
    
    You don't want to allow stuff like WINS to cross your firewall, really...
    If you still do need to access a machine on the other side of the firewall,
    just create a '%SYSTEMROOT%\system32\drivers\etc\lmhosts'-file.
    
    Either:
    
    o Think about a good security policy and enforce it with the Firewall.
    o Just disable the firewall, it only stands in the way with all this stuff
    your customer wants to do :-).
    
    Good luck!
    
    --
    Rodney van den Oever / 06 55868577 / PGP Key ID 0x0A6CCE53
    When asked by an anthropologist what the Indians called America
    before the white man came, an Indian said simply "ours". - Vine Deloria, Jr.
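
An added example, not part of the original message: a small Python audit of the lmhosts file suggested above. It checks that the management workstation's static NetBIOS entries stay inside the DMZ subnet and that nothing pulls names in from a remote share. The addresses, host names, the /28 network and the function name `audit_lmhosts` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: an lmhosts file on the management workstation.
# Addresses are from the 192.0.2.0/24 documentation range; names are hypothetical.
SAMPLE_LMHOSTS = r"""
# static NetBIOS name mappings for the DMZ servers
192.0.2.18   WEBSRV01    #PRE
192.0.2.19   FTPSRV01    #PRE
192.0.2.20   DMZPDC      #PRE #DOM:DMZDOM
10.1.1.5     INTERNALFILESERVER
#INCLUDE \\INTPDC\public\lmhosts
"""

DMZ_NET = ipaddress.ip_network("192.0.2.16/28")  # assumed /28 (mask 255.255.255.240)
ENTRY = re.compile(r'^(\S+)\s+("[^"]+"|\S+)(.*)$')

def audit_lmhosts(text, allowed_net=DMZ_NET):
    """Return (entries, findings) for the text of an lmhosts file."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("#INCLUDE"):
            # A UNC include is read from a remote share over SMB, which brings
            # back the cross-firewall NetBIOS dependency the static file avoids.
            if "\\\\" in line:
                findings.append((lineno, "remote #INCLUDE"))
            continue
        if line.startswith("#"):
            continue  # plain comment or #BEGIN_ALTERNATE / #END_ALTERNATE
        m = ENTRY.match(line)
        if not m:
            findings.append((lineno, "unparseable entry"))
            continue
        addr, name, rest = m.group(1), m.group(2).strip('"'), m.group(3)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "bad address"))
            continue
        if len(name) > 15:  # NetBIOS names carry at most 15 usable characters
            findings.append((lineno, "name longer than 15 characters"))
        if ip not in allowed_net:
            findings.append((lineno, "address outside DMZ subnet"))
        entries.append((str(ip), name.upper(), "#PRE" in rest.upper()))
    return entries, findings
```

Run against the sample, the three DMZ entries pass, while the internal file server entry and the remote `#INCLUDE` are reported with their line numbers.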
    


