Using an NT server as an Internet gateway

I would like to know if it's a good idea to put an NT server (primary domain controller) as an Internet gateway

(with a proxy like Wingate)? Or is it more prudent to use a workstation on the LAN for this job?

I would definately avoid using my PDC as an Internet gateway. There is a great deal of danger in doing so! There is a huge amount of functionality on the box for an attacker to compromise. If they do take over the machine, you lose in all sorts of ways -- the attacker has complete access to your systems from the Internet and can pose as any user! Yikes!

I would use a minimal install of Windows workstation as my Internet gateway. Don't just use one on the LAN; use it as a true dual-homed gateway separating your LAN from the Internet. Wingate is a fine tool to use for filtering on such a machine in a small environment (5 to 25 machines); I've used it in many small networks.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure & Network Security
WhatIs.com Definition: Wingate

This was first published in August 2002

Dig deeper on Web Application Security



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: