Re: bypassing proxy

From: Nick Owen <nickowen@xxxxxxxxxxxxxx>
Date: Mon, 26 Feb 2007 11:32:59 -0500

nawalmiftahi@xxxxxxxxx wrote:

Hii all, i am a security admin with a financial instituation, there's
one issue which i would like to clarify , one of our user needs to
access a website ( a financial instituation) which he access by
giving his username and password+secureid, but the problem here is
when he try to access via a proxy (isa server) he's not able to
access the above page, and when the proxy is removed he's able to
acces the page, the question i wanted to ask you is what is the
security issue if allowed by bypassing the proxy or are there
anyalternative , and if at all proxy is bypassed , firewall is
anywhere there at gateway, and all our port blocking is at firewall
and this proxy is used only for log collection and some other stuff,
your early reply is highly appreciated . Regards

Chances are that you need to enable authentication caching on the ISA
server. Web-apps often request authentication for each request. A page
can be a lot of requests, obviously, and on the second request the
one-time passcode is no longer valid. I have used imaproxy to
accomplish this on webmail and memcached for apache + mod-radius with
WiKID OTPs, but I have no experience with ISA, so I cannot make any
specific recommendations there.

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

References:
- bypassing proxy
  - From: nawalmiftahi

Prev by Date: Re: Discovering network topology
Next by Date: Hacking Book / Information
Previous by thread: RE: bypassing proxy
Next by thread: RE: bypassing proxy
Index(es):
- Date
- Thread

Relevant Pages

RE: HttpWebRequest over Https Via Proxy Fails using NTLM
... The proxy authentication header returns Basic, NTLM, and Negotiate. ... A network trace shows that the https request handshake is as follows: ...
(microsoft.public.dotnet.framework.aspnet)
RE: HttpWebRequest over Https Via Proxy Fails using NTLM
... request a resource over HTTPS is failing following the installation of a new ... proxy server on our internal network with 407 Proxy Authentication Required. ... Is there any way to debug the ntlm authentication module to see exactly what ...
(microsoft.public.dotnet.framework.aspnet)
HttpWebRequest over Https Via Proxy Fails using NTLM
... proxy server on our internal network with 407 Proxy Authentication Required. ... The same request through the old proxy succeeds. ... Is there any way to debug the ntlm authentication module to see exactly what ...
(microsoft.public.dotnet.framework.aspnet)
Re: Proxy server with HttpListener
... class using sockets that will write the authentication details to your ... that captured HTTP request to your company proxy. ... How can I send the HttpListenerRequest to the internet and put the ...
(microsoft.public.dotnet.framework.webservices)
Webservices Basic Authentication Bottlenecks
... I am connecting a .NET serviceto a .NET WebService via a Squid ... Proxy running basic authentication. ... To make this work I have created a webproxy and set it to each request. ... When the request is made the proxy first fires back a 407 Proxy ...
(microsoft.public.dotnet.framework.aspnet.webservices)