Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall.
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 17 Mar 2006 09:33:59 +1300
Simon Smith wrote:
My concern isn't firewall management. My concern isn't with SSL going over the Internet. My concern is more with SSL on a LAN and that this IT tool and other similar tools can be compromised easily once a LAN is penetrated. Providing an extra layer of security within the SSL tunnel would help to prevent this tool and others like it from being compromised so easily. My first thought was on how to harden the authentication because the basic auth didn't cut it for me. That's what I am looking for ideas for.
So, buy decent switches -- you know, properly configurable, managed ones -- and implement strict access control policies for _ALL_ equipment connected to the LAN. Machine0001 with MAC ###### must connect to port 123 in room 101 of Building 3, etc, etc. Disable _ALL_ unused ports. Prevent all unknown devices from accessing the LAN at all. Set serious alarms on all unknown device appearances, "unexpected" device disconnections, etc.

It's still not perfect, but _nothing is_ remember... However, it will also (partly) fix a whole bunch of other problems for you as well.

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
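The alarm conditions described in the message above (unknown devices, devices on the wrong port, activity on disabled ports, unexpected disconnections) can be checked by comparing a switch's MAC table against an inventory. This is an added example, not part of the original post; the inventory, port labels, MAC addresses and function names are all constructed for illustration.

```python
# Added example: audit a switch MAC-table snapshot against a device inventory.
# Every MAC, port label and name below is constructed, not taken from the post.

# Inventory: each approved MAC is pinned to exactly one switch port.
INVENTORY = {
    "00:11:22:33:44:01": "sw1/1",   # Machine0001
    "00:11:22:33:44:02": "sw1/2",   # Machine0002
    "00:11:22:33:44:03": "sw1/3",   # Machine0003
}
# Ports that are meant to be unused and must never show a device.
DISABLED_PORTS = {"sw1/4", "sw1/5"}

def normalize(mac):
    """Canonical lower-case colon form; accepts '-', '.' or ':' separators."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed):
    """observed: iterable of (mac, port) pairs currently seen on the switch.
    Returns a sorted list of (alert_kind, mac, port) tuples."""
    alerts, seen = [], set()
    for raw_mac, port in observed:
        mac = normalize(raw_mac)
        seen.add(mac)
        if port in DISABLED_PORTS:
            alerts.append(("device_on_disabled_port", mac, port))
        expected = INVENTORY.get(mac)
        if expected is None:
            alerts.append(("unknown_device", mac, port))
        elif expected != port:
            alerts.append(("wrong_port", mac, port))
    # Inventory devices absent from the snapshot are unexpected disconnections.
    for mac, port in INVENTORY.items():
        if mac not in seen:
            alerts.append(("unexpected_disconnect", mac, port))
    return sorted(alerts)

# Constructed snapshot of what the switch reports.
SNAPSHOT = [
    ("00-11-22-33-44-01", "sw1/1"),   # approved device on its own port
    ("0011.2233.4402", "sw1/3"),      # approved device moved to another port
    ("DE:AD:BE:EF:00:01", "sw1/4"),   # unknown device on a disabled port
]

if __name__ == "__main__":
    for alert in audit(SNAPSHOT):
        print(*alert)
```

MAC addresses can be cloned, so a check like this complements the switch-side port restrictions rather than replacing them.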