Firewall Wizards mailing list archives
RE: RPCs over HTTPS through the firewall
From: Mark Tinberg <mtinberg () securepipe com>
Date: Thu, 24 Apr 2003 18:45:21 -0500 (CDT)
On Tue, 22 Apr 2003, Ben Nagy wrote:

[snip]

> Finally, "conventional" port 443 traffic basically contains unsecured, unsecurable rubbish, passing through the firewall encrypted, so that it's all one Big River of Risk as far as an admin is concerned. Does it matter much if we add RPC to the sludge? Nnnnnnnope.

I would not agree with that. HTTP traffic over 443 or 80 has a similar risk profile, although encrypting traffic over 443 prevents several types of shenanigans that can be had on the intervening network links. RPC on the other hand generally exposes a much richer interface, directly into the core of the OS that generally was never designed with security as even a tertiary concern. There are way more things that can go wrong and you have far fewer access control opportunities than with a web service.

I would say that allowing RPC from random hosts on the Internet without at least authenticating the source before allowing the traffic through is a no-go.

--
Mark Tinberg <MTinberg () securepipe com>
Network Security Engineer, SecurePipe Inc.
New Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67

Your daily fortune . . .
Weekends were made for programming.
- Karl Lehenbauer
Current thread:
- RPCs over HTTPS through the firewall david singleton (Apr 21)
- Re: RPCs over HTTPS through the firewall Volker Tanger (Apr 22)
- RE: RPCs over HTTPS through the firewall Ben Nagy (Apr 22)
- RE: RPCs over HTTPS through the firewall Mark Tinberg (Apr 25)
- RE: RPCs over HTTPS through the firewall Ben Nagy (Apr 25)
- RE: RPCs over HTTPS through the firewall Gwendolynn ferch Elydyr (Apr 25)
- RE: RPCs over HTTPS through the firewall Mark Tinberg (Apr 25)