Firewall Wizards mailing list archives

Re: how prevelant


From: Kevin <KKadow () gmail com>
Date: Mon, 11 Oct 2004 22:23:28 -0500

On Mon, 11 Oct 2004 15:47:29 -0400 (EDT), Paul D. Robertson
<paul () compuwar net> wrote:
On Fri, 8 Oct 2004, R. DuFresne wrote:

how common is it for a company to have its NT domain and Novell
authentication pass openly across the internet, and have this be the
requirement to access VPN tunnel rights from outside into the company?

Can you elaborate on what you mean by "openly"?  What type of VPN?

On purpose?  Probably pretty uncommon these days.  There were some
Microsoft products that required it for Web server management- I don't
recall the product or the exact setup that required it, but outside of a
hosting environment, it's not all that common.

If you scan for HTTP headers, you'll run across numerous sites which
request NTLM authentication, which is the most common way in which a
company exposes NT domain credentials to the Internet.  These are a
real problem for squid caches and proxy firewalls, as it is difficult
if not impossible to successfully pass NTLM authentication across a
proxy (One exception might be Microsoft's own ISA proxy "firewall"
product).

Secondly, sites running Microsoft Outlook Web Access (OWA) almost
universally use domain credentials for OWA authentication (but not
NTLM), however this should only be happening inside SSL, not in the
clear.

Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
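
Added example, not part of the original message: one way to check the 401 responses of hosts you operate for the two exposures discussed above, NTLM/Negotiate challenges reachable from outside and credential prompts served outside SSL. The hostnames, sample header values, function names and finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Schemes that carry Windows domain credentials (Negotiate can fall back to NTLM).
DOMAIN_SCHEMES = {"ntlm", "negotiate"}

_PIECE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')  # comma split that respects quoted strings
_PARAM = re.compile(r'\s*[^\s=]+\s*=')                 # name=value auth-param, not a scheme

def offered_schemes(header_values):
    """Return the lowercase auth schemes named in a list of WWW-Authenticate values."""
    schemes = []
    for value in header_values:
        for piece in _PIECE.findall(value):
            piece = piece.strip()
            if not piece or _PARAM.match(piece):
                continue  # parameter belonging to the previous challenge
            scheme = piece.split()[0].lower()
            if scheme not in schemes:
                schemes.append(scheme)
    return schemes

def audit(responses):
    """Map each URL to (schemes, findings) for recorded 401 responses."""
    report = {}
    for url, header_values in responses:
        schemes = offered_schemes(header_values)
        findings = []
        if DOMAIN_SCHEMES & set(schemes):
            findings.append("domain-auth-offered")
        if schemes and urlsplit(url).scheme != "https":
            findings.append("credentials-outside-tls")
        report[url] = (schemes, findings)
    return report

# Constructed sample: (URL, WWW-Authenticate values) recorded from your own hosts.
SAMPLE = [
    ("http://intranet.example.com/", ["Negotiate", "NTLM"]),
    ("https://mail.example.com/exchange/", ['Basic realm="mail.example.com"']),
    ("http://files.example.com/",
     ['Digest realm="files, staff", qop="auth", nonce="abc=", NTLM']),
    ("https://www.example.com/", []),
]

if __name__ == "__main__":
    for url, (schemes, findings) in audit(SAMPLE).items():
        print(url, schemes, findings or "ok")
```

The parser handles both styles of challenge delivery: one scheme per header line, and several challenges folded into a single comma-separated header with quoted parameters.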

