Our windows 2008 FTP server is in our PIX powered DMZ.
We've open ports so the FTP server can chat with our internal domain controllers so field users can use their domain\userid to log into the FTP server. Years ago, we used local userid/passwords on the ftp server but found it to be a hassle from a two-accounts redundancy and disaster recovery perspective. Our FTP server in the DMZ is backed up daily, and we also take hourly snapshots using REPLAY (backup/restore tool)
We are entertaining opening up the incoming newbios ports to the DMZ so our field laptop users can map a drive to our already existing ftp server. The objectives are :
not have local data on the laptops - the users would open the files from the X: which would actually be on our dmz server,
so their data is backed up, and
so their data is easily share-able with other laptop folks in the same department (using the ntfs security permissions on the file server).
Right now, we're interesting in cobbling together some kind of free solution, so not really able to consider something like sharepoint.
1. What are the incremental risks or issues of opening up incoming netbios ports to the dmz?
2. Is there a better way to fulfill the objectives stated above?
Most of our laptop folks have dsl or cable modem. A few access the internet via a slow mobile broadband card modem, but we are trying to upgrade bandwidth subject to availability.
Thanks for any thoughts,