Home page logo
/

basics logo Security Basics mailing list archives

RE: Accessing corporate servers through the web..
From: <arek () chelmnet pl>
Date: Mon, 17 Nov 2003 22:14:48 +0100

I think, that it is good, to make some distributed firewall config from
spearate server www onto firewall.


INTERNET----FW----SECURED_SITE
                 |
                 |-FIREWALL_WWW_SITE


the FIREWALL_WWW_SITE contains user IDS,SERVICES (IP+PORT)and PASSWD comming
dynammically one way from SECURED_SITE (crond+scp)
and...
before any user can get access onto SECURED_SITE, when writes
http://SECURED_SITE, the firewall redirects port 80 onto localhost and
request for USER/PASSWORD (in https).
everything can be done the same with other services (excluding redirection)
User must log in twice
After some period of time of inactivity/or verifying opened sockets from
SECURED_SITE by FIREWALL (via SECURED_SITE spearate script.php), executed
periodiccally and veryfing separate chains (if our firewall is LINUX) or any
other script.

I use upper config to prevent full opening of ssh port on my servers.

A.Binder


---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]