Eigen,
Why not have the client do push replication from the back end system to the one
in the DMZ? This way the back end system wouldn't be exposed and the data
needed for the front end system to run will be accessible to it.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: "Phil Waller" <Phil.Waller@WGSN.com>
Date: Thu, 22 Mar 2007 13:36:43
To:<aeheald@gmail.com>, <focus-ms@securityfocus.com>
Subject: RE: Shared drives through a firewall
Its just a big no no no no no NON, NEIN,
There are loads of reasons why not to - as you have said you have
googled this and been inundated with reasons why not to so I wont put
you through the pain
Can't you get the client to tunnel up to the firewall using IPSEC or
similiar and then allow NetBIOS/TCP 445 or 139 from the endpoint onwards
if needs be?
Latency issues will still be a pain when tunneling due to some overhead
on building and maintaining the tunnel, CIFS access doesn't work well on
a WAN anyhow
I take it the orientation is internet --> DMZ and not Trusted --> DMZ?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of aeheald@gmail.com
Sent: 22 March 2007 02:01
To: focus-ms@securityfocus.com
Subject: Shared drives through a firewall
Hello Group;
I am trying to persuade a client NOT to map a drive through two
firewalls to an untrusted server in a DMZ to run an application. I've
tried Googling Netbios and security, but get so many entries as to be
useless.
Other than the latency issues, and my ten cents that it seems to me to
be an enormously foolish idea, can you folks offer me any further
ammunition?
Big Thanks if you can
Eigen
