Security Basics mailing list archives

Re: bypassing proxy

From: Nick Owen <nickowen () mindspring com>
Date: Mon, 26 Feb 2007 11:32:59 -0500

nawalmiftahi () gmail com wrote:

Hii all, i am a security admin with a financial instituation, there's
one issue which i would like to clarify , one of our user needs to
access a website ( a financial instituation) which he access by
giving his username and password+secureid, but the problem here is
when he try to access via a proxy (isa server) he's not able to
access the above page, and when the proxy is removed he's able to
acces the page, the question i wanted to ask you is what is the
security issue if allowed by bypassing the proxy or are there
anyalternative , and if at all proxy is bypassed , firewall is
anywhere there at gateway, and all our port blocking is at firewall
and this proxy is used only for log collection and some other stuff,
 your early reply is highly appreciated . Regards


Chances are that you need to enable authentication caching on the ISA
server.  Web-apps often request authentication for each request.  A page
can be a lot of requests, obviously, and on the second request the
one-time passcode is no longer valid.  I have used imaproxy to
accomplish this on webmail and memcached for apache + mod-radius with
WiKID OTPs, but I have no experience with ISA, so I cannot make any
specific recommendations there.

HTH,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

Current thread:

bypassing proxy nawalmiftahi (Feb 26)
- RE: bypassing proxy Liam Downward (Feb 26)
- Re: bypassing proxy Nick Owen (Feb 26)
- <Possible follow-ups>
- RE: bypassing proxy G. Purushotham Reddy (Feb 27)