There's a problem with having a firewall speaking NetBIOS.

NetBIOS has serious design flaws, which have been demonstrated 
by several different people. One could argue that you should
not use it at all (use another networking protocol), but in
any case I for one would not want it anywhere near my firewall, 
let alone inside its authentication mechanisms.

I'd probably take a look at LDAP or RADIUS or something along
those lines; one of the biggest advantages being that that
works on other OSes than Windows. However, if you can foresee 
that you will never ever use even ONE single non-Windows machine 
in the future, this point may be moot.

In fact, I'd probably want to disable NetBIOS on all interfaces
of the firewall to keep it out of harm's way, along with removing 
"Server" and "Workstation" and all the other services on it.

You don't want unnecessary code running on your firewall.

Tom Tomasovic wrote:
> 
> Vince/Jim et al:
> 
> OTOH, does it not make sense to make your firewall server its own domain and
> then create a one way trust to your network domain (firewall being the trusting
> domain and the network being trusted)?  That way, you don't have to create all
> the users on your firewall box.
> 
> You can't do that unless the box is a part of a domain.  In this case, it would
> probably be the only box on the domain, ergo the PDC.
> 

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
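
The hardening suggested in the message above (NetBIOS off on every interface, "Server" and "Workstation" out of service), as an added audit example that is not part of the original post. It assumes a current Windows host with PowerShell 5.1 or later, run elevated; the function name and the `-Apply` switch are hypothetical.

```powershell
# Added example (not from the original message): report, and with -Apply enforce,
# NetBIOS-over-TCP/IP being disabled per interface and the "Server" and
# "Workstation" services being stopped and disabled.
function Test-FirewallNetbiosExposure {
    [CmdletBinding()]
    param([switch]$Apply)   # hypothetical switch: change settings instead of only reporting

    # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled
    $adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        $ok = ($a.TcpipNetbiosOptions -eq 2)
        if (-not $ok -and $Apply) {
            $r = Invoke-CimMethod -InputObject $a -MethodName SetTcpipNetbios `
                     -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
            $ok = ($r.ReturnValue -in 0, 1)   # 0 = success, 1 = success, reboot required
        }
        [pscustomobject]@{ Check = "NetBT disabled on '$($a.Description)'"; Pass = $ok }
    }

    # Display name "Server" is LanmanServer; "Workstation" is LanmanWorkstation
    foreach ($name in 'LanmanServer', 'LanmanWorkstation') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            [pscustomobject]@{ Check = "$name not installed"; Pass = $true }
            continue
        }
        if ($Apply) {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $name -StartupType Disabled
            $svc = Get-Service -Name $name
        }
        $ok = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
        [pscustomobject]@{ Check = "$name stopped and disabled"; Pass = $ok }
    }

    # Anything still bound to the NetBIOS/SMB ports means code is still listening
    $tcp = @(Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue)
    $udp = @(Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue)
    [pscustomobject]@{ Check = 'No listeners on TCP 139/445'; Pass = ($tcp.Count -eq 0) }
    [pscustomobject]@{ Check = 'No endpoints on UDP 137/138'; Pass = ($udp.Count -eq 0) }
}

# Report only; add -Apply to change the host
Test-FirewallNetbiosExposure | Format-Table -AutoSize
```

Listener checks can keep failing until the next reboot, since the per-interface NetBT change may not take effect immediately.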