Security Basics mailing list archives
Re: bypassing proxy
From: Nick Owen <nickowen () mindspring com>
Date: Mon, 26 Feb 2007 11:32:59 -0500
nawalmiftahi () gmail com wrote:
Hi all, I am a security admin with a financial institution. There's one issue which I would like to clarify: one of our users needs to access a website (a financial institution) which he accesses by giving his username and password+secureid, but the problem here is that when he tries to access it via a proxy (ISA server) he's not able to access the above page, and when the proxy is removed he's able to access the page. The question I wanted to ask you is: what is the security issue if this is allowed by bypassing the proxy, or are there any alternatives? And if the proxy is bypassed at all, the firewall is anyway there at the gateway, and all our port blocking is at the firewall, and this proxy is used only for log collection and some other stuff. Your early reply is highly appreciated. Regards
Chances are that you need to enable authentication caching on the ISA server. Web-apps often request authentication for each request. A page can be a lot of requests, obviously, and on the second request the one-time passcode is no longer valid.

I have used imaproxy to accomplish this on webmail and memcached for apache + mod-radius with WiKID OTPs, but I have no experience with ISA, so I cannot make any specific recommendations there.

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen
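
Added example, not part of Nick Owen's message and not code from ISA, imaproxy, memcached or WiKID: a small Python model of the failure described in the reply (a one-time passcode re-sent on every request of a page) and of authentication caching in front of the OTP check. The class names, the 300-second TTL and the sample credentials are assumptions made for illustration.

```python
import hashlib, hmac, os, time

class OneTimeBackend:
    """Stand-in for the OTP server: each issued passcode is accepted once."""
    def __init__(self, issued):
        self._unused = set(issued)          # {(user, passcode), ...}
        self.checks = 0                     # how often the backend was asked

    def verify(self, user, passcode):
        self.checks += 1
        if (user, passcode) in self._unused:
            self._unused.discard((user, passcode))   # burn it on first use
            return True
        return False

class CachingAuthenticator:
    """Remembers a successful backend check for `ttl` seconds per user."""
    def __init__(self, backend, ttl=300, clock=time.monotonic):
        self.backend, self.ttl, self.clock = backend, ttl, clock
        self._key = os.urandom(32)          # cache holds keyed digests only
        self._cache = {}                    # user -> (digest, expiry)

    def _digest(self, user, passcode):
        msg = f"{user}\0{passcode}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def authenticate(self, user, passcode):
        now, digest = self.clock(), self._digest(user, passcode)
        entry = self._cache.get(user)
        if entry and entry[1] <= now:       # expired: forget it
            del self._cache[user]
            entry = None
        if entry and hmac.compare_digest(entry[0], digest):
            return True                     # same credentials, still fresh
        if self.backend.verify(user, passcode):
            self._cache[user] = (digest, now + self.ttl)
            return True
        return False

def load_page(auth, user, passcode, requests=4):
    """One page view = several requests, each re-sending the credentials."""
    return [auth(user, passcode) for _ in range(requests)]

if __name__ == "__main__":
    creds = ("alice", "493817")             # constructed sample values
    print(load_page(OneTimeBackend([creds]).verify, *creds))
    cached = CachingAuthenticator(OneTimeBackend([creds]))
    print(load_page(cached.authenticate, *creds))
```

The cache makes a single-use passcode replayable for the whole TTL window, so the TTL should be as short as the application tolerates.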