Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: ark () eltex ru
Date: Tue, 30 Jun 1998 13:22:51 GMT
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, "Brian Steele" <steele_b () spiceisle com> said :
Define "standard technologies" as regards to OS logon validation.Doesn'teveryone has their own standards concerning security mechanisms and their implementation?I'd prefer to see something OS-independant.
Is such a thing as an "OS-independent" logon validation mechanism?
Any non-transparent protocol-dependant technique or any mechanism that relies on cleint's IP address.
NT provides a mechanism that allows you to logon to a domain of serversandPCs, and not just one server at a time. Why shouldn't I take advantageofthis?a) just because you can't rely on security of PC you try to use for network access.You are NOT relying on the "security of a PC" in the NT domain logon mechanism. You're relying also on the implementation of that security mechanism on your LAN.
You do. The point of discussion was that NT domain logon mechanism lets you authenticate from any PC in the network transparently - and then i called this technique say, not as good as it seems, because it relies on cleint PC's security. If the machine is not trusted, how can you do something sensitive from it?
b) because it works only if _every_ machine inyour network can speak M$ that is not always possible.So the solution is to implement the network around that requirement - which will bring the additional benefits of the reduced support costs associated with homogenuous networking as well.
It might be good solution if you _know_ you do not need much flexibility. This solution can be cheap - imho not as cheap as it seems - but not flexible enough for many real-world demands. And.. trying to get not so flexible system to do things that it is not supposed to is damn NOT cheap.
If you _can_ rely on any PC security and _every_ machine on the net speaks M$.. then security issues with M$ proxy itself start to appear ;)No security issues with MS Proxy have been identified since its launch (admittedly, that was only last year :-)).
It is (at least!) as insecure as underlying NT is. More than enough for me. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNZjmqqH/mIJW9LeBAQE+BQP+LAOr3V60QZuQG3PHyq+PmEh21FIn/M8m vC7DICZnPzfEah3fMlvuvTpq7acpK4a1+Pd25lQTKLk6hJLKHFmcLfpJwW2rFggq wpzaUo1U2ts5j2gchGzS0SzHUHGTHvgaNNvHxDhGxi7IkpnujhdZeL4yHCKjO1za 1n+AWIrgJVo= =7A8Y -----END PGP SIGNATURE-----
Current thread:
- Re: Proxy 2.0 secure?, (continued)
- Re: Proxy 2.0 secure? John McDermott (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- Re: Proxy 2.0 secure? ark (Jun 29)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 29)
- Re: Proxy 2.0 secure? Ryan Russell (Jun 29)
- Re: Proxy 2.0 secure? tqbf (Jun 29)
- Re: Proxy 2.0 secure? Peter Jeremy (Jun 30)
- Re: Proxy 2.0 secure? tqbf (Jun 30)
- Re: Proxy 2.0 secure? ark (Jun 30)
- RE: Proxy 2.0 secure? Safier, Adam (GEIS) (Jun 30)