Security Basics mailing list archives
Re: RE: Securing eRIC express
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 4 Jan 2007 22:19:06 +0100
On 2007-01-03 barcajax () gmail com wrote:
> Connecting that server directly to the Internet is a big NO NO.
Why? If the server doesn't provide any services that don't need to be publicly available I don't see what's wrong with directly connecting it.
> Btw is this the card you are referring to? http://www.techland.co.uk/index/eric According to this link, you can set up an encrypted channel using "HTTPS protocol or socket security layer SSL2.3".
More likely it's this one: http://www.raritan.info/products/embedded_products/eric_express/prd_cms_index.aspx?currpg=prd_cms_index&name=eRIC%20express&content_category=1&overview_flag=Y&features_flag=Y&spec_flag=Y&support_flag=Y&status=4
> I suggest setting up VPN tunnel to this site followed by HTTPS on top of that. Limit the number of login attempts to this box as well.
If I understand the OP correctly then setting up a VPN is something he cannot do, because the server is hosted in a datacenter which he has no control over. Besides, HTTPS (maybe with client certificates) should suffice, unless his security requirements are unusually high for a scenario that simple.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq