I would like to know if it's a good idea to put an NT server (primary domain controller) as an Internet gateway (with a proxy like Wingate)? Or is it more prudent to use a workstation on the LAN for this job?
I would definately avoid using my PDC as an Internet gateway. There is a great deal of danger in doing so! There is a huge amount of functionality on the box for an attacker to compromise. If they do take over the machine, you lose in all sorts of ways -- the attacker has complete access to your systems from the Internet and can pose as any user! Yikes!
I would use a minimal install of Windows workstation as my Internet gateway. Don't just use one on the LAN; use it as a true dual-homed gateway separating your LAN from the Internet. Wingate is a fine tool to use for filtering on such a machine in a small environment (5 to 25 machines); I've used it in many small networks.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure & Network Security
WhatIs.com Definition: Wingate
This was first published in August 2002