[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: firewalling a windows PDC

To: 'Laurent Thierry' <thierry.laurent@capco.com>, firewalls@Lists.GNAC.NET
Subject: RE: firewalling a windows PDC
From: Ben Nagy <bnagy@cpms.com.au>
Date: Tue, 9 May 2000 13:49:25 +0930

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]




> -----Original Message-----
> From: Laurent Thierry [mailto:thierry.laurent@capco.com]
> Sent: Tuesday, 9 May 2000 2:01 AM
> To: firewalls@lists.gnac.net
> Subject: RE: firewalling a windows PDC
> 
> 
> 
>  Ben,
> 
> Why is it so dangerous to let the RPC service activated? 
> AFAIK, disabling it
> often produce performance problems (our own experience with 
> CP FW-1 on NT
> machines)? Does this means that, in this very specific case, 
> no compromise
> can be made between security and performance?
> 

Sorry - sloppy phrasing. You're right - you _really_ don't want to _disable_
RPC. 8) "Performance problems" is a fairly mild way of describing the
results of shutting down the RPC portmapper for a firewall box. 8)

What you do want to do is protect the RPC port from external access. If you
want internal users to be able to use a domain controller, however, you must
allow access to  RPC from their computers.

Cheers,

--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520 
-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: Re: Incoming in ftp server !
Next by Date: RE: Incoming in ftp server !
Prev by thread: RE: firewalling a windows PDC
Next by thread: Re: Basics of firewall setup
Index(es):
- Date
- Thread