Firewall Wizards mailing list archives
Re: how prevelant
From: Kevin <KKadow () gmail com>
Date: Mon, 11 Oct 2004 22:23:28 -0500
On Mon, 11 Oct 2004 15:47:29 -0400 (EDT), Paul D. Robertson <paul () compuwar net> wrote:
On Fri, 8 Oct 2004, R. DuFresne wrote:how common is it for a company to have it's NT domain and novell athentication pass openly across the internet, and have this be the requirement to access VPN tunnel rights from outside into the company?
Can you elaborate on what you mean by "openly"/ What type of VPN?
On purpose? Probably pretty uncommon these days. There were some Microsoft products that required it for Web server management- I don't recall the product or the exact setup that required it, but outside of a hosting environment, it's not all that common.
If you scan for HTTP headers, you'll run across numerous sites which request NTLM authentication, which is the most common way in which a company exposes NT domain credentials to the Internet. These are a real problem for squid caches and proxy firewalls, as it is difficult if not impossible to successfully pass NTLM authentication across a proxy (One exception might be Microsft's own ISA proxy "firewall" product). Secondly, sites running Microsoft Outlook Web Access (OWA) almost universally use domain credentials for OWA authentication (but not NTLM), however this should only be happening inside SSL, not in the clear. Kevin _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- how prevelant R. DuFresne (Oct 11)
- Re: how prevelant Paul D. Robertson (Oct 11)
- Re: how prevelant Kevin (Oct 12)
- Re: how prevelant Jason Lewis (Oct 11)
- Re: how prevelant Kevin Sheldrake (Oct 12)
- Re: how prevelant ArkanoiD (Oct 12)
- <Possible follow-ups>
- Re: how prevelant Brian Ford (Oct 12)
- RE: how prevelant Melson, Paul (Oct 12)
- Re: how prevelant Paul D. Robertson (Oct 11)