[3165] in WWW Security List Archive
Re: [NTSEC] Re: General Question
daemon@ATHENA.MIT.EDU (Paul D. Robertson)
Wed Oct 9 00:09:04 1996
Date: Tue, 8 Oct 1996 22:09:25 -0400 (EDT)
From: "Paul D. Robertson" <proberts@clark.net>
To: Roberto Galoppini <rgaloppini@tim.it>
cc: Mike Earnshaw <bigvern@ozemail.com.au>, www-security@ns2.rutgers.edu,
ntsecurity@iss.net
In-Reply-To: <325A63B0.2419@tim.it>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 8 Oct 1996, Roberto Galoppini wrote:
> Mike Earnshaw wrote:
>
> <snip>
> > 2. I have been tasked with setting up our companies Intranet/Internet
> > connection, whilst I am fairly confident with Windows NT, I know very
> > little about WWW Security. Bearing in mind point one above, what
> > considerations should I bear in mind when connecting our Intranet to the
> > Internet with NT v4.0 ( is v3.51 better ?) and Catapult.
Catapult isn't meant to be a firewall, and at this point, being still beta
code, shouldn't be used as such. If you don't know anything about
firewalls, I'd suggest a lot of research, or a couple of classes prior to
starting.
>
> Mhh.. NT v4.0 is that MICROSOFT product that allows UP TO TEN
> connections, isn't it? Why don't you have a look at the "MS NT
> Workstation 4.0 License Maintains Socket Limitation" by Tim O'Reilly
> (http://software.ora.com/news/msnt40_limit.html).
NT Server doesn't have that limitation.
>
> > 3. Regrettfully due to some clause somewhere, we have to primarily use MS
> > products, but if anyone can help with points of view for or against, and if
> > against some alternatives, to NT & Catapult - it would greatly improve my
> > chances of swaying the MD !!.
Catapult isn't a firewall, and is still beta code, I'd not risk my company
on it. There are also lots of complaints about it interacting with
Netscape browsers in the public MS newsgroups. If you *have* to go NT
(I'd also not use it for a firewall, because it's not mature enough for my
tastes -- Yes, my firewall runs an *old* release of its OS -- also I've
seen enough complaints about unpredictable, or wrong behaviour on
multi-homed NT hosts to make me very wary of something like Catapult
which doesn't live under the OS in the network stack) you'd be better off
with something like Firewall-1, or Raptor. Be sure to choose a good
reseller who can help you with configuration issues.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@clark.net which may have no basis whatsoever in fact."
PSB#9280
