Security Basics mailing list archives
Re: Proxy Auth
From: Bennett Todd <bet () rahul net>
Date: Fri, 21 Mar 2003 12:57:11 -0500
2003-03-21T10:14:53 pablo gietz:
Do you know how to encrypt the process of authentication between the browser and squid proxy?
As far as I can see, no. This would be a good question for a squid-specific list, though. What _ought_ to work is to enable https in squid (I don't see any support for that) or equally run a stunnel (preferably in transproxy mode, so squid can still see the real originating IPs) as a front end; then configure the browser to use https://url.of.squid:3128/ as the proxy. Problem is, I don't think this is actually supported.
We like to use the same login name and password for NT and squid, but in doing so we expose the password of the NT users, based on the fact that the browser codes the password in base64.
Exactly right. You've got two choices that I know of; either force people to use separate passwords for your squid, so their exposure doesn't do as much damage, or else craft the net between your users and your squid so you aren't so worried about sniffing. Well-monitored switches can be a help. Give everyone a separate switch port, and span every switch to an IDS set up to report attempts to whap its cam table.

-Bennett
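Added example, not part of the original message: a Python check that reads a request's Proxy-Authorization header and reports whether the password can be recovered from it, which is the case for the Basic scheme discussed above because base64 uses no key. The sample request, user name and password are constructed, and `audit_proxy_auth` is a hypothetical helper name.

```python
import base64
import binascii

# Constructed sample: a browser request to a proxy carrying Basic credentials.
# "alice" / "Winter2003" are made-up values.
SAMPLE_REQUEST = (
    "GET http://example.com/ HTTP/1.0\r\n"
    "Host: example.com\r\n"
    "Proxy-Authorization: Basic "
    + base64.b64encode(b"alice:Winter2003").decode() + "\r\n"
    "\r\n"
)

def audit_proxy_auth(raw_request):
    """Describe how exposed the proxy credentials in one raw request are."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        scheme = scheme.lower()
        if scheme != "basic":
            # Other schemes are not a reversible encoding of the password.
            return {"scheme": scheme, "password_recoverable": False}
        try:
            raw = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return {"scheme": "basic", "password_recoverable": False,
                    "error": "malformed token"}
        user, sep, password = raw.decode("utf-8", "replace").partition(":")
        return {
            "scheme": "basic",
            "user": user,
            # No key is involved: anyone who sees the header can decode it.
            "password_recoverable": bool(sep),
            "password_length": len(password),  # report length, not the value
        }
    return {"scheme": None, "password_recoverable": False}

if __name__ == "__main__":
    print(audit_proxy_auth(SAMPLE_REQUEST))
```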