From owner-freebsd-security Mon Sep 27 20:18: 8 1999 Delivered-To: freebsd-security@freebsd.org Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28]) by hub.freebsd.org (Postfix) with ESMTP id 7CCDC14D98 for ; Mon, 27 Sep 1999 20:17:55 -0700 (PDT) (envelope-from JHowie@msn.com) Received: from JHowie - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC; Mon, 27 Sep 1999 20:17:24 -0700 Message-ID: <016e01bf0960$fc536f20$fd01a8c0@pacbell.net> From: "John Howie" To: "Andre Gironda" , "Scott I. Remick" Cc: References: <4.2.1.4.19990927195047.00d813e0@mail.computeralt.com> <19990927181310.G24486@toaster.sun4c.net> Subject: Re: Help me win the MS-Proxy/ipfw war Date: Mon, 27 Sep 1999 20:24:33 -0700 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ----- Original Message ----- From: Andre Gironda To: Scott I. Remick Cc: Sent: Monday, September 27, 1999 6:13 PM Subject: Re: Help me win the MS-Proxy/ipfw war > NT cannot be used in an Internet environment (or as a bastion host) > because of the serious security implications. Netbios, IIS, and WINS > are very insecure and instable applications/protocols It is possible to tighten these holes up and to make your NT system secure on the external (Internet) interface... But then you can't do remote administration using the external network interface as you need access to the NetBIOS ports (use a VPN to access the internal interface and you can). You will spend most of your time making sure that your system is secure but always have the nagging doubt that you missed something or a new hole has been discovered. All I can say is "God bless Microsoft", they keep me in a job securing Windows NT installations, usually by using FreeBSD :-) as a firewall. john... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message