Firewall Wizards mailing list archives

Re: terminal services


From: "Steven M. Bellovin" <smb () research att com>
Date: Tue, 28 Jan 2003 16:02:06 -0500

In message <4D163268.59645032.4E9ED121 () netscape net>, natfirewall () netscape net 
writes:
Greetings,

I am being asked to open port 3389 on our Corporate firewall and direct
incoming traffic on that port to a specific IP on our internal network.  Being
the paranoid that I am, I do not want to do this but I need better
reasons/ammunition other than saying "it would be bad".  I am looking for
pointers to information hopefully in support of my fear of M$ security.  Also,
the more recent the information the better.


After Saturday's festivities, you have to ask?

Note -- I'm *not* saying that just because it's Microsoft.  Rather, I'm 
pointing out the danger of opening extra holes in your firewall.  Ask 
yourself this:  how did Microsoft (and others) get the infection on the
*inside* of its firewall?  The issue isn't just that people inside 
didn't patch their machines (though by my analysis, to a first 
approximation virtually every machine they own was likely to be 
vulnerable); rather, it's that there was a hole.  Most likely, there 
was more than one hole, but it only took one, given how virulent this 
worm was.


                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com (2nd edition of "Firewalls" book)


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

