Security Basics mailing list archives

Re: IRC in corporate environment


From: Joel Eriksson <joel.eriksson () gmail com>
Date: Mon, 27 Jun 2011 04:03:34 +0200

Oh, so I'm assuming we're talking about an invulnerable browser here then? :)

I think we're all aware of the fact that any common browser has a huge
attack surface, and most certainly will have vulnerabilities. Even
assuming that no one is MITMing the connection and that the people
hosting the IRC-to-web-interface service don't have any malicious
intent, we can never rule out the possibility of the
IRC-to-web-interface software being vulnerable to, for instance, some
method to inject JavaScript / improper input filtering, which could be
used to inject malicious JavaScript into the user's browser.

Even without exploiting any vulnerabilities in the browser this could
possibly be used to access services on the internal network through
JavaScript, and possibly do real damage. I would much prefer
restricting the attack surface to a client vulnerability in an SSH
client (which is certainly possible too, but compared to a browser
you're _much_ less exposed). So, +1 to MadHatter's suggestion of
having a Linux/Unix server that the employees can SSH into. I don't
want to be offensive, but logging in through some JavaScript-based web
interface is really just a horrible idea, and saying that it "resolves
all security issues" is ... well, let's just say less insightful.

Best Regards,
Joel Eriksson

On Tue, Jun 21, 2011 at 12:31 PM, McLean, Thomas
<Thomas.McLean () gha org uk> wrote:
Let them log on via a JavaScript webpage over at freenode.net and this will
resolve all security issues that could arise - they may not like the
interface, but you are the admin, not them.

Thanks,

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dennis Dayman
Sent: 18 June 2011 19:48
To: security-basics () securityfocus com
Subject: IRC in corporate environment

Looking for some pros and cons to having IRC connectivity in a corporate
environment. Our R&D guys would like to join some coding channels to get
ideas and help, but we are hesitating to allow them for fear of a
possible hole being opened via an IRC channel and client.

Thoughts on pros or cons?

What is the best way to implement it if it is deemed OK?

-Dennis

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and
how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your
Apache web server. Throughout, best practices for set-up are highlighted
to help you ensure efficient ongoing management of your encryption keys
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

-- 
Best Regards,
  Joel Eriksson
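The injection path Joel describes (a web IRC front-end that does not filter what arrives from the network before putting it into the page) comes down to one rendering function. The following is an added illustration, not code from any of the posters or from any real web IRC client: a tiny PRIVMSG parser, the concatenation-style renderer that hands chat text straight to the browser, and a hardened renderer that strips IRC control codes, escapes every network-controlled field, and only turns http(s) URLs into links. All sample lines are constructed; the nicks and channel are placeholders.

```javascript
// Added example (not from the thread). Node.js, no dependencies.
// Shows why "improper input filtering" in a web IRC interface lets a
// remote user run script in the employee's browser, and the fix.

// Minimal parser for ":nick!user@host PRIVMSG #chan :text".
function parsePrivmsg(line) {
  const m = /^:([^!\s]+)!\S+\sPRIVMSG\s(\S+)\s:(.*)$/.exec(line);
  if (!m) return null;
  return { nick: m[1], target: m[2], text: m[3] };
}

// Vulnerable renderer: trusts text that came from the IRC network and
// concatenates it into HTML. Anything a channel member types is markup.
function renderUnsafe(msg) {
  return '<div class="msg"><b>' + msg.nick + '</b>: ' + msg.text + '</div>';
}

// IRC formatting codes (mIRC colour \x03NN,NN, bold \x02, etc.) and other
// C0/DEL control characters are removed rather than translated, so no
// formatting state from the network ever reaches the HTML.
const IRC_CONTROL = /\x03\d{0,2}(,\d{1,2})?|[\x00-\x08\x0b-\x1f\x7f]/g;

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Hardened renderer: strip control codes, escape every field, and only
// linkify http(s) URLs (the scheme is fixed by the pattern, so a
// "javascript:" URL is never turned into a link).
function renderSafe(msg) {
  const nick = escapeHtml(msg.nick.replace(IRC_CONTROL, ''));
  const text = msg.text.replace(IRC_CONTROL, '');
  // split with a capture group: odd indices are the matched URLs.
  const html = text.split(/(https?:\/\/[^\s<>"']+)/g).map((part, i) => {
    const esc = escapeHtml(part);
    return i % 2 === 1
      ? `<a href="${esc}" rel="noopener noreferrer" target="_blank">${esc}</a>`
      : esc;
  }).join('');
  return `<div class="msg"><b>${nick}</b>: ${html}</div>`;
}

// Constructed sample: a message carrying markup, as a hostile channel
// member could send it, and an ordinary one with a colour code and a URL.
const HOSTILE_LINE = ':mallory!m@example.invalid PRIVMSG #dev :<script>alert(1)</script>';
const NORMAL_LINE = ':alice!a@example.invalid PRIVMSG #dev :\x0304see http://example.com/x\x03 ok';

console.log('unsafe:', renderUnsafe(parsePrivmsg(HOSTILE_LINE)));
console.log('safe:  ', renderSafe(parsePrivmsg(HOSTILE_LINE)));
console.log('safe:  ', renderSafe(parsePrivmsg(NORMAL_LINE)));
```

The hardened version is the minimum a web IRC client needs; it still leaves the browser's own attack surface in play, which is Joel's reason for preferring an SSH session to a server over any browser-based client.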
