Security Basics mailing list archives
RE: Accessing corporate servers through the web..
From: <arek () chelmnet pl>
Date: Mon, 17 Nov 2003 22:14:48 +0100
I think, that it is good, to make some distributed firewall config from spearate server www onto firewall. INTERNET----FW----SECURED_SITE | |-FIREWALL_WWW_SITE the FIREWALL_WWW_SITE contains user IDS,SERVICES (IP+PORT)and PASSWD comming dynammically one way from SECURED_SITE (crond+scp) and... before any user can get access onto SECURED_SITE, when writes http://SECURED_SITE, the firewall redirects port 80 onto localhost and request for USER/PASSWORD (in https). everything can be done the same with other services (excluding redirection) User must log in twice After some period of time of inactivity/or verifying opened sockets from SECURED_SITE by FIREWALL (via SECURED_SITE spearate script.php), executed periodiccally and veryfing separate chains (if our firewall is LINUX) or any other script. I use upper config to prevent full opening of ssh port on my servers. A.Binder --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Accessing corporate servers through the web.. Ronish Mehta (Nov 14)
- Re: Accessing corporate servers through the web.. Philip Duldig (Nov 17)
- RE: Accessing corporate servers through the web.. arek (Nov 17)
- Re: Accessing corporate servers through the web.. sNeakEr (Nov 17)
- Re: Accessing corporate servers through the web.. Ronish Mehta (Nov 18)
- Re: Accessing corporate servers through the web.. Ansgar -59cobalt- Wiechers (Nov 17)
- Re: Accessing corporate servers through the web.. Steve (Nov 17)
- <Possible follow-ups>
- Re: Accessing corporate servers through the web.. Chris Berry (Nov 18)
- Re: Accessing corporate servers through the web.. Ansgar -59cobalt- Wiechers (Nov 19)
- Altiris Deployment Server vs. Microsoft SMS ZyberGeek (Nov 23)
- Re: Altiris Deployment Server vs. Microsoft SMS Steve (Nov 24)
- RE: Altiris Deployment Server vs. Microsoft SMS Rod Trent (Nov 25)
- Re: Accessing corporate servers through the web.. Ansgar -59cobalt- Wiechers (Nov 19)
- Re: Accessing corporate servers through the web.. Philip Duldig (Nov 17)