Re: Proxy 2.0 secure?

[ark () eltex ru]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

"Brian Steele" <steele_b () spiceisle com> said :

> > > Try reassigning IP addresses to 200 PCs.  Or 2000.  Remember, each PC at
> > > least on my LAN MUST have a registered name, they are not referenced by
> IP
> > > address, so your DNS config has to be updated as well.
> It's going to take you a LOT longer than two minutes to do that, starting
> with writing that Perl script. 

Not so long ;).. i bet i can do in 2 minutes ;)
 
> > Ok, i was incorrect. It will fail in heterogenous world, _except_ things
> > that do have MS-aware hooks on it. I think it's better don't rely on
> > MS hooks and just to use standard technologies.
 
> Define "standard technologies" as regards to OS logon validation.  Doesn't
> everyone has their own standards concerning security mechanisms and their
> implementation?

I'd prefer to see something OS-independant. 

> NT provides a mechanism that allows you to logon to a domain of servers and
> PCs, and not just one server at a time.  Why shouldn't I take advantage of
> this?

a) just because you can't rely on security of PC you try to use for
network access. b) because it works only if _every_ machine in
your network can speak M$ that is not always possible.

If you _can_ rely on any PC security and _every_ machine on the net 
speaks M$.. then security issues with M$ proxy itself start to appear ;) 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNZgK2KH/mIJW9LeBAQFnagP/VQ7veSyzEEWXABUoPn5gcA6auQwY+JLj
yolmbvpX3VPxLettQdqExlFxII9kXK8IcooV4aBPl6+KSNtXlzc9MAZUh4oNL39e
bD79FrI7aGY6mNFMECt2glleUjwv8c0+FE08JCNVFuoJaSIyebB3wi2A5wx12KL9
c3nMxLxQLEs=
=YE8c
-----END PGP SIGNATURE-----