Security Basics mailing list archives
Re: RPC over HTTP security
From: Barrie Dempster <barrie () reboot-robot net>
Date: Thu, 03 Feb 2005 15:16:38 +0000
On Tue, 2005-02-01 at 22:46 -0500, Steve wrote:
We ran OWA with SSL, didn't mean our server didn't get owned by a hacker. Consider running a reverse proxy 'nix based box in front of your OWA box which runs on IIS. STEVE
And then what? Reverse NAT passing through a NIX box offers absolutely no security at all unless the NIX box has an IPS/IDS or something of that ilk setup on it which you could easily have on the firewall that is between the OWA box and the net. Having a NIX box in place doesn't offer any security above having a firewall unless the NIX box actually has something running on it. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: RPC over HTTP security Shawn Wall (Jan 31)
- <Possible follow-ups>
- RE: RPC over HTTP security Depp, Dennis M. (Feb 01)
- Re: RPC over HTTP security Steve (Feb 02)
- Re: RPC over HTTP security Barrie Dempster (Feb 03)
- Re: RPC over HTTP security Ansgar -59cobalt- Wiechers (Feb 04)
- Re: RPC over HTTP security Barrie Dempster (Feb 07)
- Re: RPC over HTTP security Barrie Dempster (Feb 03)