[fw-wiz] HTTPS, proxies, and remote developers.

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 06/13/03

  • Next message: Gregory Austin: "Re: [fw-wiz] VA vs PT tool" 
    To: Firewall-Wizards <firewall-wizards@honor.icsalabs.com>
Date: Sat, 14 Jun 2003 01:31:03 +0530

    I recently setup a mailserver for a software development company. The
    server has a web interface through usermin for password changing and
    handling GPG keys, running on a high port.
    This company has software developers located at their client locations,
    in different countries.
    The clients have proxies that block access to https, nor will they
    permit ssh/VPNs from their network to the development company by the
    offsite employees.
    The company has asked about the option of moving this to HTTP, but I have
    advised against it (given that GPG keys *may* be exposed on the
    Internet). If the company insists, I will move them to HTTP, with a
    written warning of the risk they are accepting.

    I do not like the idea of unencrypted communication flowing over the
    Internet for sensitive information. The company IT manager agrees with
    me. The remote client does not like the idea.
    What would be the easiest way to handle this situation? How would you
    resolve a policy issue if one of your clients requires that you use
    unencrypted traffic outbound from their network into yours.
    (Their need to know for traffic on their network against your need for
    security).

    Devdas Bhagat
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Gregory Austin: "Re: [fw-wiz] VA vs PT tool"

    Relevant Pages

    • JOBS: Sr. Embedded Software Developer Openings- F/T - Austin, TX
      ... Write device drivers for network interface and other proprietary ... Embedded Software Applications Engineer- Consumer Audio Decoder Software Dev ... sessions to customers and distributor field application engineers. ... PDA) and help with software development required to ...
      (comp.arch.embedded)
    • A little off topic, but ...
      ... The IT "powers-that-be" have stipulated that all software development ... be performed on a separate network that in no way connects to the "main" ... and burn a DVD to move big database updates back and forth. ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: [fw-wiz] HTTPS, proxies, and remote developers.
      ... > I recently setup a mailserver for a software development company. ... > The company has asked about the option of moving this to HTTP, ... Given the known and limited specific things that the web interface would ... If the client co won't allow outbound encrypted email, ...
      (Firewall-Wizards)
    • Big trouble with nfs
      ... software development. ... It imports many directories from a SuSE linux box ( ... The client is a quite up to date debian testing: ...
      (Debian-User)
    • Need YOur advise
      ... We are discussing with a company for our software development. ... The company will do the development in .NEt and SQL (client server ... Like change in report, Forms or New ...
      (microsoft.public.dotnet.general)