Seems to me, if the client is willing to do it you can't really call it
an "untrusted server." Foolishly trusted maybe...
I'm also confused that if I have to go through two firewalls to get to
it, how can it be considered to be in a DMZ? Unless you're client is
running two firewalls, to which I'd have to ask, why? Two is no better
than one once a port is open on both.
That aside, I'd think you have to learn more about this other server to
properly analyze the risk. Is it truly in a DMZ or is netbios only open
to IP addresses/ranges of it clients? Does it support, better yet,
require SMB signing?
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of aeheald (at) gmail (dot) com [email concealed]
> Sent: Wednesday, March 21, 2007 10:01 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Shared drives through a firewall
>
> Hello Group;
>
> I am trying to persuade a client NOT to map a drive through two
> firewalls to
> an untrusted server in a DMZ to run an application. I've tried
Googling
> Netbios and security, but get so many entries as to be useless.
>
> Other than the latency issues, and my ten cents that it seems to me to
> be an
> enormously foolish idea, can you folks offer me any further
ammunition?
>
> Big Thanks if you can
>
> Eigen
an "untrusted server." Foolishly trusted maybe...
I'm also confused that if I have to go through two firewalls to get to
it, how can it be considered to be in a DMZ? Unless you're client is
running two firewalls, to which I'd have to ask, why? Two is no better
than one once a port is open on both.
That aside, I'd think you have to learn more about this other server to
properly analyze the risk. Is it truly in a DMZ or is netbios only open
to IP addresses/ranges of it clients? Does it support, better yet,
require SMB signing?
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of aeheald (at) gmail (dot) com [email concealed]
> Sent: Wednesday, March 21, 2007 10:01 PM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Shared drives through a firewall
>
> Hello Group;
>
> I am trying to persuade a client NOT to map a drive through two
> firewalls to
> an untrusted server in a DMZ to run an application. I've tried
Googling
> Netbios and security, but get so many entries as to be useless.
>
> Other than the latency issues, and my ten cents that it seems to me to
> be an
> enormously foolish idea, can you folks offer me any further
ammunition?
>
> Big Thanks if you can
>
> Eigen
[ reply ]