Ask the Expert

Using an NT server as an Internet gateway

I would like to know if it's a good idea to put an NT server (primary domain controller) as an Internet gateway (with a proxy like Wingate)? Or is it more prudent to use a workstation on the LAN for this job?


    Requires Free Membership to View

I would definately avoid using my PDC as an Internet gateway. There is a great deal of danger in doing so! There is a huge amount of functionality on the box for an attacker to compromise. If they do take over the machine, you lose in all sorts of ways -- the attacker has complete access to your systems from the Internet and can pose as any user! Yikes!

I would use a minimal install of Windows workstation as my Internet gateway. Don't just use one on the LAN; use it as a true dual-homed gateway separating your LAN from the Internet. Wingate is a fine tool to use for filtering on such a machine in a small environment (5 to 25 machines); I've used it in many small networks.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure & Network Security
WhatIs.com Definition: Wingate


This was first published in August 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: