Re: Proxy 2.0 secure?

["Brian Steele" <steele_b () spiceisle com>]

> > Is such a thing as an "OS-independent" logon validation mechanism?
>
> Any non-transparent protocol-dependant technique or any mechanism that
> relies on cleint's IP address.


Should I repeat my donkey-cart and car analogy?  I do not NEED any security
tools that rely on a client's IP address on my LAN.  I do not WANT any
security tools that rely on a client's IP address on my LAN.


> You do. The point of discussion was that NT domain logon mechanism lets
> you authenticate from any PC in the network transparently - and then i
> called this technique say, not as good as it seems,
> because it relies on cleint PC's security. If the machine is not trusted,
> how can you do something sensitive from it?


I still don't see the connection you're trying to make between PC security
and NT domain security. The only connection I can see between the two is if
you configure the PC to autologon to the NT LAN, using a stored username and
password (in which case you're going to have considerably more security
problems than outgoing access through a Proxy Server).


> It is (at least!) as insecure as underlying NT is. More than enough for
> me.


The "insecure" NT mechanism has proven itself secure enough for my needs.
Care to state why you think it's insecure?  The following link might be of
interest concerning the "insecurity" of NT:


http://www.tbg.com/login/micrsoft.htm


Regards,
Brian Steele