and of course, the frame relay pipe is bestest if it's encrypted to your
point of termination.
Thanks,
Ron DuFresne
On Mon, 5 Feb 2001 [EMAIL PROTECTED] wrote:
>
> #We will have remote users connecting via frame relay to a peering point
> outside our #firewall. They want to authenticate onto our domain to use
> network resources and MS #Exchange mail. From the start, Netbios would
> have to be allowed through the firewall. Is #this an issue since this is
> frame-relay and not the Internet?
>
> You should only need TCP ports 135 and 139 as well as UDP ports 137 and
> 138. First of all, these frame relay sites should be on a dmz and not on
> the external side of the firewall. What you are opening yourself up to
> depends upon the security of those remote sites. If they do not have an
> Internet connection, it is less risky than if they do. If they do have an
> Internet connection you may want some gaurantees about how they secure that
> connection. I would try to use some sort of strong authentication like
> SecurID or SafeWord and I would also place some intrusion detection device
> on the dmz the frame relay conection is on. If they do have an Internet
> connection you might want to look at a VPN instead as it would be a lot
> cheaper.
>
> Regards,
> Jeffery Gieser
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
