Firewall Wizards mailing list archives
Re: Perhaps off-topic WinGate Proxy
From: "Rodney van den Oever" <roever () nse simac nl>
Date: Fri, 27 Nov 1998 23:10:56 +0100
> Does anyone have information on security risks posed by WinGate. Are there
> any special precautions that should be taken on the machine that is the
> WinGate server? Any information would be appreciated.
>
> Thanks,
> Dave Olsen
1. Only run it on a machine with two interfaces so you can isolate your internal LAN and create a DMZ.

2. Make sure you bind the proxies only to the internal interface, e.g. 192.168.1.1. Don't use the default '0.0.0.0', because this allows anyone from the outside to connect to the telnet proxy or use the http-proxy with the HTTP CONNECT option like:

    # telnet wingate 80
    CONNECT intranet.domain.com:23 HTTP/1.0
    <cr>
    <cr>

3. Only install the options you really need and delete unnecessary proxies afterwards. You probably need the DNS-, SMTP-, WWW (HTTP/FTP)- and maybe NNTP-proxy. Activate web-caching to save some bandwidth.

4. Always use a separate exterior router and apply filters to it. Don't allow anyone to set up connections to the WinGate proxy apart from E-mail (SMTP). Make sure the router-platform you choose understands 'established' sessions, like a Livingston (Lucent) or Cisco router.

5. If possible, use an internal router to also limit connections from the WinGate server to your internal systems, e.g. only allow SMTP to/from the internal mailserver, only allow outgoing HTTP. Allow DNS (UDP/TCP 53) between the WinGate server and your internal mailserver.

--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53

And Jesus said unto them, 'And whom do you say that I am?' And they replied, 'You are the eschatological manifestation of the kerygma of our being, the ontological foundation of the context of our very selfhood revealed.' And Jesus said, 'What?' (source unknown).
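Points 2 and 4 of the reply above can be checked on the proxy host itself. The following is an added example, not part of the original message: it parses `netstat -an` output and reports every listener that is not bound to the internal interface or loopback, with SMTP as the only port accepted from outside. The function name `exposed_listeners`, the sample output and the external address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    192.168.1.1:80         0.0.0.0:0              LISTENING
  TCP    192.168.1.1:119        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1080      0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8010         0.0.0.0:0              LISTENING
  TCP    192.168.1.1:80         192.168.1.44:1091      ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""

def exposed_listeners(netstat_text, internal_ip, allowed_external_ports=(25,)):
    """Return sorted (proto, address, port) for sockets reachable from outside.

    A listener passes when it is bound to the internal interface or loopback,
    or when it is a TCP port explicitly allowed from outside (SMTP only here).
    """
    internal = ipaddress.ip_address(internal_ip)
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and always count.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        addr_text, _, port_text = local.rpartition(":")
        addr = ipaddress.ip_address(addr_text.strip("[]"))
        port = int(port_text)
        if addr == internal or addr.is_loopback:
            continue
        if proto == "TCP" and port in allowed_external_ports:
            continue
        findings.add((proto, str(addr), port))
    return sorted(findings)

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT, "192.168.1.1"):
        print(f"{proto} {addr}:{port} is not bound to the internal interface")
```

A wildcard bind on the SMTP port is accepted here only because the exterior router filter in point 4 is assumed to be in place.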