[fw-wiz] HTTPS, proxies, and remote developers.

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 06/13/03

  • Next message: Gregory Austin: "Re: [fw-wiz] VA vs PT tool"
    To: Firewall-Wizards <firewall-wizards@honor.icsalabs.com>
    Date: Sat, 14 Jun 2003 01:31:03 +0530
    
    

    I recently setup a mailserver for a software development company. The
    server has a web interface through usermin for password changing and
    handling GPG keys, running on a high port.
    This company has software developers located at their client locations,
    in different countries.
    The clients have proxies that block access to https, nor will they
    permit ssh/VPNs from their network to the development company by the
    offsite employees.
    The company has asked about the option of moving this to HTTP, but I have
    advised against it (given that GPG keys *may* be exposed on the
    Internet). If the company insists, I will move them to HTTP, with a
    written warning of the risk they are accepting.

    I do not like the idea of unencrypted communication flowing over the
    Internet for sensitive information. The company IT manager agrees with
    me. The remote client does not like the idea.
    What would be the easiest way to handle this situation? How would you
    resolve a policy issue if one of your clients requires that you use
    unencrypted traffic outbound from their network into yours.
    (Their need to know for traffic on their network against your need for
    security).

    Devdas Bhagat
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Gregory Austin: "Re: [fw-wiz] VA vs PT tool"

    Relevant Pages

    • JOBS: Sr. Embedded Software Developer Openings- F/T - Austin, TX
      ... Write device drivers for network interface and other proprietary ... Embedded Software Applications Engineer- Consumer Audio Decoder Software Dev ... sessions to customers and distributor field application engineers. ... PDA) and help with software development required to ...
      (comp.arch.embedded)
    • Re: Trouble understanding clause in software development contract
      ... I've recently found my first client for my new software development ... and have found a simple software development contract to use. ... Another problem is that it was obviously written with US law in mind, ...
      (uk.legal)
    • A little off topic, but ...
      ... The IT "powers-that-be" have stipulated that all software development ... be performed on a separate network that in no way connects to the "main" ... and burn a DVD to move big database updates back and forth. ...
      (microsoft.public.dotnet.languages.csharp)
    • Position for Sr. Software Development Engineer Consultant | PA, Pittsburgh | 6 Months + |
      ... I am currently in search of an experienced Software Development ... Client / server software development experience. ... Technical writing, system documentation, design document-management ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: [fw-wiz] HTTPS, proxies, and remote developers.
      ... > I recently setup a mailserver for a software development company. ... > The company has asked about the option of moving this to HTTP, ... Given the known and limited specific things that the web interface would ... If the client co won't allow outbound encrypted email, ...
      (Firewall-Wizards)