Re: Proxy 2.0 secure?

["Brian Steele" <steele_b () spiceisle com>]

> Just because the MS-Proxy supports this feature, doesn't mean its a
> requirement for every other firewall. This feature requires that you
> activate NT Challenge/Response authentication which locks out any
> Netscape user unless you also allow basic authentication (which is
> not clear text, but uuencoded and doesn't work transparently).


True, but if Internet Explorer (or Exploder as some say :-)) is provided
free with every Win 95 and Win NT box, why would I consider anything else
for a PC network?  Also, I haven't used Netcape Communicator - does that
support NTCR?


> In this case users have use the same account for internal systems as for
> access to the proxy.

Sort of.  You can set up a one-way trust relationship with the MSP server,
so it doesn't store account information for the user (a possible security
risk if the server is compromised).


> Some external website might convince users to type
> their username and password one more time...


Another security risk again, and one that I don't really have an answer for,
apart from telling users NOT to use their LAN usernames and passwords when
setting up accounts on remote sites - but how do you enforce this?


Brian Steele