Re: Basic directory security question

From: x y (jamescagney90210@excite.com)
Date: 05/17/02


From: "x y" <jamescagney90210@excite.com>
Date: Fri, 17 May 2002 17:23:33 -0400


It is not really recommended, unless the person has installed VPN software
to connect to your internal network. The password is not in plain text, but
it is a hash that can be decoded by, say, L0phtcrack and turned into a
password. Also, you should have a firewall in front of your web server that
blocks Windows networking, e.g. NetBIOS, as this is a large vulnerability.
However, if you have no firewall and the user is using Windows and IE, it
could theoretically work.

"Mike" <merter.nospam@nospam.attbi.com> wrote in message
news:u4mDqvc$BHA.2540@tkmsftngp05...
> Thank you... Will the Integrated Windows Authentication allow internet
> users to pass a user name and password for an account local to the server
> (with permissions to the directory)? And will it NOT be in clear text?
> Thanks...
>
> "x y" <jamescagney90210@excite.com> wrote in message
> news:O867PBa$BHA.1680@tkmsftngp04...
> > www.iisfaq.com will answer this and other questions.
> >
> > You use both. You use NTFS permissions on the directory containing your
> > content to grant read-only access to the necessary users [and if security
> > is a big issue for you, you may need to also remove IUSR_ and maybe IWAM
> > from having rights to that folder]. Also, in the IIS MMC, on the security
> > tab, you disable anonymous authentication and enable basic authentication
> > [if the users are going through a firewall or are not using internet
> > explorer or are not using windows] or windows integrated authentication
> > [usually if the users are inside a company network]. Note that with basic
> > authentication, the passwords are passed on the internet in plain text,
> > which makes them theoretically vulnerable to a hacker running a sniffer
> > program. However if this is a small, low security site, this might not be
> > such a big risk.
> >
> > If this bothers you, use an SSL certificate to set up HTTPS
> > [www.iisfaq.com/ssl explains how] or use OpenSSH [free] or VPN if you
> > have VPN capabilities. Reliable SSL certificates generally start around
> > $120 a year from www.sitecertificates.com. You can find and install test
> > certificates that will work, but the user will get a popup message
> > claiming that there is a problem with the web site certificate when they
> > visit your site. Verisign.com has test certificates, and
> > www.microsoft.com/download has a makecert utility that will let you make
> > your own cert.
> >
> >
> >
> > "Mike" <merter.nospam@nospam.attbi.com> wrote in message
> > news:OZoMuiT$BHA.1144@tkmsftngp02...
> > > I have to create a site on a public web server that will allow read
> > > access to a group of users based on a user account on the domain the
> > > web server is a member of (no anonymous access). How might I set up
> > > directory security to accomplish this? Or, would I somehow use NTFS
> > > security? Any suggestions appreciated!
> > >
> > >
> >
> >
>
>
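
The difference discussed in this thread between basic and integrated authentication on the wire, as an added example that is not part of the original posts: it inspects HTTP Authorization headers the way a site owner auditing captured traffic might, and reports which requests send a password that is only base64-encoded. The function names and sample headers are constructed for illustration, and the NTLM samples are minimal messages holding just the signature and type field.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def inspect_authorization(transport, header):
    """Describe what a sniffer on the path would see in one Authorization header."""
    method, _, blob = header.partition(" ")
    result = {"method": method.lower(), "transport": transport,
              "user": None, "password_exposed": False, "detail": ""}
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        result["detail"] = "malformed base64"
        return result
    if result["method"] == "basic":
        user, sep, password = raw.decode("utf-8", "replace").partition(":")
        result["user"] = user
        # Base64 is an encoding, not encryption: only HTTPS hides the password.
        result["password_exposed"] = bool(sep) and transport != "https"
        result["detail"] = "password of %d chars, reversibly encoded" % len(password)
    elif (result["method"] in ("ntlm", "negotiate")
          and raw.startswith(NTLM_SIGNATURE) and len(raw) >= 12):
        # The message type is a little-endian 32-bit integer after the signature.
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        result["detail"] = "NTLM %s message" % NTLM_TYPES.get(msg_type, "unknown")
        if msg_type == 3:
            # Holds a response computed from the password hash and the server
            # challenge: not the password itself, but open to offline guessing.
            result["detail"] += ": challenge response, no password"
    else:
        result["detail"] = "unrecognised scheme or token"
    return result

def audit(requests):
    """Return findings only for requests that expose a password in transit."""
    findings = (inspect_authorization(t, h) for t, h in requests)
    return [f for f in findings if f["password_exposed"]]

def _ntlm(msg_type):  # constructed minimal NTLM message for the samples
    return "NTLM " + base64.b64encode(
        NTLM_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 4).decode()

# Constructed sample requests: (transport, Authorization header value).
BASIC = "Basic " + base64.b64encode(b"webuser:Example-Pass1").decode()
SAMPLES = [("http", BASIC), ("https", BASIC), ("http", _ntlm(1)), ("http", _ntlm(3))]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```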


