Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: "Brian Steele" <steele_b () spiceisle com>
Date: Mon, 29 Jun 1998 09:23:20 -0400
Just because the MS-Proxy supports this feature, doesn't mean its a requirement for every other firewall. This feature requires that you activate NT Challenge/Response authentication which locks out any Netscape user unless you also allow basic authentication (which is not clear text, but uuencoded and doesn't work transparently).
True, but if Internet Explorer (or Exploder as some say :-)) is provided free with every Win 95 and Win NT box, why would I consider anything else for a PC network? Also, I haven't used Netcape Communicator - does that support NTCR?
In this case users have use the same account for internal systems as for access to the proxy.
Sort of. You can set up a one-way trust relationship with the MSP server, so it doesn't store account information for the user (a possible security risk if the server is compromised).
Some external website might convince users to type their username and password one more time...
Another security risk again, and one that I don't really have an answer for, apart from telling users NOT to use their LAN usernames and passwords when setting up accounts on remote sites - but how do you enforce this? Brian Steele
Current thread:
- Re: Proxy 2.0 secure?, (continued)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 26)
- Re: Proxy 2.0 secure? ark (Jun 26)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 26)
- Re: Proxy 2.0 secure? Gillian Steele (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 26)
- Re: Proxy 2.0 secure? Brian Steele (Jun 28)
- Re: Proxy 2.0 secure? Rodney van den Oever (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- Re: Proxy 2.0 secure? John McDermott (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? NetSurfer (Jun 30)
- Re: Proxy 2.0 secure? John McDermott (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
(Thread continues...)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)