Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: "Rodney van den Oever" <roever () nse simac nl>
Date: Mon, 29 Jun 1998 07:55:04 +0200
Dynamic DHCP is _BAD_. I see no reason for anyone to use it.
And why is it bad? Almost everyone I've spoken with suggests dynamic IP allocation for the PCs on our LAN, and the use of WINS/DNS for name resolving (MS's implementation of DNS uses WINS to determine the names associated with each PC, so there's really no need for static addressing).
I agree with you here, authentication/authorization based on something static, be it MAC-, IP-address or password is bad anyway.
A static addressing scheme will be a nightmare on our LAN, particularly as we're facing a potential IP renumbering exercise when our LAN is connected via TCP/IP to the other business units.
You probably need to use a firewall anyway, so NAT and/or proxies will solve this one.
Will I be able to move to another PC and continue to enjoy my privileged access to the Internet without any reconfiguration on the part of the PC or the server, while another user is only allowed HTTP access to certain sites from my PC, based on his authentication level under NT, again all transparently?
Just because the MS-Proxy supports this feature, doesn't mean it's a requirement for every other firewall. This feature requires that you activate NT Challenge/Response authentication which locks out any Netscape user unless you also allow basic authentication (which is not clear text, but uuencoded and doesn't work transparently).
Are you _sure_ you _need_ that? Are you sure it is a good idea from the security viewpoint? I'd better not to allow such things.
I'm firmly on the side of the one username/one password security scheme for an internal LAN - otherwise moronic users (and the level of "moronity" seems to rise the further you go up in management, which tend to have access to more confidential information than the rank and file) who are assigned multiple usernames/passwords would tend to write them down or otherwise take note of them to remember them - BIG security risk.
In this case users have use the same account for internal systems as for access to the proxy. Some external website might convince users to type their username and password one more time...
--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53
When asked by an anthropologist what the Indians called America before the white man came, an Indian said simply "ours". - Vine Deloria, Jr.