RE: Accessing corporate servers through the web..

arek_at_chelmnet.pl
Date: 11/17/03

  • Next message: Vishal: "Re[2]: Suggested "safe" password length" 
    To: "Security-Basics@Securityfocus. Com" <security-basics@securityfocus.com>
Date: Mon, 17 Nov 2003 22:14:48 +0100

    I think, that it is good, to make some distributed firewall config from
    spearate server www onto firewall.

    INTERNET----FW----SECURED_SITE
                     |
                     |-FIREWALL_WWW_SITE

    the FIREWALL_WWW_SITE contains user IDS,SERVICES (IP+PORT)and PASSWD comming
    dynammically one way from SECURED_SITE (crond+scp)
    and...
    before any user can get access onto SECURED_SITE, when writes
    http://SECURED_SITE, the firewall redirects port 80 onto localhost and
    request for USER/PASSWORD (in https).
    everything can be done the same with other services (excluding redirection)
    User must log in twice
    After some period of time of inactivity/or verifying opened sockets from
    SECURED_SITE by FIREWALL (via SECURED_SITE spearate script.php), executed
    periodiccally and veryfing separate chains (if our firewall is LINUX) or any
    other script.

    I use upper config to prevent full opening of ssh port on my servers.

    A.Binder

    ---------------------------------------------------------------------------
    Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
    The Presidio integrates PGP data encryption and XML Web Services security to
    simplify the management and deployment of PGP and reduce overall PGP costs
    by up to 80%.
    FREE WHITEPAPER & 30 Day Trial -
    http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
    ----------------------------------------------------------------------------

  • Next message: Vishal: "Re[2]: Suggested "safe" password length"

    Relevant Pages

    • Re: Home firewall Hits
      ... >Port 162 with a UDP message. ... than theres nothing blocking access from the internet to your router. ... >Subject: Home firewall Hits ... >simplify the management and deployment of PGP and reduce overall PGP costs ...
      (Security-Basics)
    • Re: Teleworking
      ... Cisco VPN Client running on local PC ... ADSL router runing VPN passthrough and full firewall ... > simplify the management and deployment of PGP and reduce overall PGP ...
      (Security-Basics)
    • RE: Home firewall Hits
      ... Subject: Home firewall Hits ... >Port 162 with a UDP message. ... >simplify the management and deployment of PGP and reduce overall PGP costs ...
      (Security-Basics)
    • Re: Blocking GoToMyPC
      ... service by using your firewall to block access to the host poll.gotomypc.com. ... PGP / XML GATEWAY APPLIANCE ...
      (Security-Basics)
    • Re: Personal firewall with no user-interaction
      ... Best regards ... >> troubled with technical questions. ... > probably are not interested in installing PGP, but the PGP firewall ...
      (comp.security.firewalls)