Security Basics mailing list archives
RE: Wireless hotspot login pages
From: "Kavesh Moodley" <Kavesh.Moodley () hss health nsw gov au>
Date: Sun, 30 May 2010 14:37:15 +1000
I know there is a lot of caveats, however, I think Mozilla Browser will be configurable and you may be able to get around the GPO settings, by having users use this for when you want to use WIFI. Not 100% on this, so I apologise in advance if I was wrong. However, this does pose the possibility that users will be now able to bypass what restrictions you have put in place once they know they can untick the proxy settings there. I think a more secure solution for this would be a HIPS client or Client/Host firewall that restricts access to only your CAG. Regards, Kavesh -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Paul Johnston Sent: Friday, 28 May 2010 5:42 PM To: security-basics () securityfocus com Subject: Wireless hotspot login pages Hi, I have a client who restricts their mobile workers' browsers so they can only access a single site - the client's citrix access gateway. They don't want users directly browsing the Internet out of the office - because of both malware and AUP concerns. They enforce this by setting the proxy to the corporate proxy (only accessible in the office), having a proxy exclusion for the CAG, and preventing users editing the settings. This all works fine for use on home broadband (wired/wireless) and 3G. However, it falls down for Wireless Hotspots. Many of these have a browser-based login page. The proxy configuration prevents access to the login page, stopping the hot spot being used at all. This must be a problem a lot of people have hit. How do you allow access to Hot spot login pages, but not web pages in general? Any suggestions much appreciated, Paul -- Pentest - When a tick in the box is not enough Paul Johnston - IT Security Consultant / Tiger SST Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982) Office: +44 (0) 161 233 0100 Mobile: +44 (0) 7817 219 072 Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy Registered Number: 4217114 England & Wales Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of NSW Health or any of its entities. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Wireless hotspot login pages Paul Johnston (May 28)
- Re: Wireless hotspot login pages Rafael Correia (May 28)
- Re: Wireless hotspot login pages Edd Burgess (May 31)
- RE: Wireless hotspot login pages Kavesh Moodley (May 31)
- Re: Wireless hotspot login pages Rafael Correia (May 28)