Re: Proxy 2.0 secure?

["Brian Steele" <steele_b () spiceisle com>]

> > Define "standard technologies" as regards to OS logon validation.
Doesn't
> > everyone has their own standards concerning security mechanisms and their
> > implementation?
>
> I'd prefer to see something OS-independant.


Is such a thing as an "OS-independent" logon validation mechanism?


> > NT provides a mechanism that allows you to logon to a domain of servers
and
> > PCs, and not just one server at a time.  Why shouldn't I take advantage
of
> > this?
>
> a) just because you can't rely on security of PC you try to use for
> network access.

You are NOT relying on the "security of a PC" in the NT domain logon
mechanism. You're relying also on the implementation of that security
mechanism on your LAN.


 b) because it works only if _every_ machine in

> your network can speak M$ that is not always possible.


So the solution is to implement the network around that requirement - which
will bring the additional benefits of the reduced support costs associated
with homogenuous networking as well.


> If you _can_ rely on any PC security and _every_ machine on the net
> speaks M$.. then security issues with M$ proxy itself start to appear ;)


No security issues with MS Proxy have been identified since its launch
(admittedly, that was only last year :-)).


Regards,
Brian Steele