Firewall Wizards mailing list archives
Re: terminal services
From: "Steven M. Bellovin" <smb () research att com>
Date: Tue, 28 Jan 2003 16:02:06 -0500
In message <4D163268.59645032.4E9ED121 () netscape net>, natfirewall () netscape net writes:
Greetings, I am being asked to open port 3389 on our Corporate firewall and direct incoming traffic on that port to a specific IP on our internal network. Being the paranoid that I am, I do not want to do this but I need better reasons/ammunition other than saying "it would be bad". I am looking for pointers to information hopefully in support of my fear of M$ security. Also, the more recent the information the better.
After Saturday's festivities, you have to ask?

Note -- I'm *not* saying that just because it's Microsoft. Rather, I'm pointing out the danger of opening extra holes in your firewall. Ask yourself this: how did Microsoft (and others) get the infection on the *inside* of its firewall? The issue isn't just that people inside didn't patch their machines (though by my analysis, to a first approximation virtually every machine they own was likely to be vulnerable); rather, it's that there was a hole. Most likely, there was more than one hole, but it only took one, given how virulent this worm was.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards