Security Basics mailing list archives
Re: RPC over HTTP security
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 4 Feb 2005 10:54:54 +0100
On 2005-02-03 Barrie Dempster wrote:
On Tue, 2005-02-01 at 22:46 -0500, Steve wrote:We ran OWA with SSL, didn't mean our server didn't get owned by a hacker. Consider running a reverse proxy 'nix based box in front of your OWA box which runs on IIS.And then what? Reverse NAT passing through a NIX box offers absolutely no security at all unless the NIX box has an IPS/IDS or something of that ilk setup on it which you could easily have on the firewall that is between the OWA box and the net.
Reverse proxying and NAT are two different things.
Having a NIX box in place doesn't offer any security above having a firewall unless the NIX box actually has something running on it.
That's why it has. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
Current thread:
- RE: RPC over HTTP security Shawn Wall (Jan 31)
- <Possible follow-ups>
- RE: RPC over HTTP security Depp, Dennis M. (Feb 01)
- Re: RPC over HTTP security Steve (Feb 02)
- Re: RPC over HTTP security Barrie Dempster (Feb 03)
- Re: RPC over HTTP security Ansgar -59cobalt- Wiechers (Feb 04)
- Re: RPC over HTTP security Barrie Dempster (Feb 07)
- Re: RPC over HTTP security Barrie Dempster (Feb 03)