Security Basics mailing list archives
Re: Question about dmz security
From: Chuck Swiger <cswiger () mac com>
Date: Tue, 18 Feb 2003 13:23:56 -0500
mlh () zip com au wrote:
> After removing access to the internal lan of course, moving it to properly within the dmz.
We agree about removing the second NIC to the LAN.
[ ...reordered... ]
> On Sat, Feb 15, 2003 at 01:11:27PM -0500, Chuck Swiger wrote:
> > However, better configurations may also be possible: in particular, if your users can use scp (sftp, rsync, etc) to access the FTP server. Authenticated access should be encrypted if possible.
>
> Easier for the admin and the users would be to put squid on the box, and have it proxy ftp.
I run squid, and I like it for what it does: however, I don't run squid to improve security. Besides, now we've switched from FTP's plaintext authentication to base64 (HTTP's auth/basic), which doesn't get you very far. That's if the admin sets up authentication, and the users use it; mis-configured (or simply open) proxies tend to open all sorts of potentially abusable holes.
Sure, I guess you could get SSL going for squid to make authenticating with the proxy unsniffable, but then you could set up apache+SSL and use WebDAV as a publishing mechanism. MS-Office apparently can do DAV, so your users are covered.
Frankly, "scp -r" or "rsync -a" is much easier. Use the right tool for the job, I say: "rsync" rocks for this type of task.
-Chuck
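The point in the message above about HTTP Basic authentication, as an added example that is not part of the original post: base64 is an encoding, not encryption, so a credential sent to a proxy without TLS is readable by anyone who can see the request. The requests, user name and password are constructed samples, and `basic_header` and `find_basic_credentials` are hypothetical helper names.

```python
import base64
import binascii

AUTH_HEADERS = ("authorization", "proxy-authorization")

def basic_header(user, password):
    """Build the value a client sends for HTTP Basic auth (helper for the samples)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def find_basic_credentials(raw_request):
    """Return (header, user, password) for each Basic credential in a raw request.

    A token that is not valid base64 is reported as (header, None, None).
    """
    findings = []
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in AUTH_HEADERS:
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append((name.strip(), None, None))
            continue
        user, _, password = decoded.partition(":")  # the password may contain ':'
        findings.append((name.strip(), user, password))
    return findings

# Constructed sample requests, as they would cross the wire without TLS.
SAMPLE_REQUESTS = [
    "GET ftp://ftp.example.org/pub/site.tar.gz HTTP/1.0\r\n"
    "Host: ftp.example.org\r\n"
    f"Proxy-Authorization: {basic_header('alice', 's3cr3t:pass')}\r\n\r\n",
    "GET http://www.example.org/ HTTP/1.0\r\n"
    "Host: www.example.org\r\n"
    "Authorization: Basic not-base64!\r\n\r\n",
    "GET http://www.example.org/ HTTP/1.0\r\nHost: www.example.org\r\n\r\n",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        for header, user, password in find_basic_credentials(request):
            print(f"{header}: user={user!r} password={password!r}")
```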