Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- Subject: Re: [cobalt-security] Portsentry, ipchains and pmfirewall
- From: "MikeM" <MyRaQ@xxxxxxxxx>
- Date: Wed, 23 Jan 2002 19:37:32 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On 1/23/2002 at 10:35 PM Michael Stauber wrote:
|The perhaps smartest way (and the one which requires the most efforts) is
|this: Make Webmin totally inaccessible to the outside world with IPChains and
|let it run only locally on the IP 127.0.0.1, port 10000. Then use stunnel
|(see: www.stunnel.org) to establish a secure (forwarding) connection from a
|local Linux machine in your office to 127.0.0.1:10000 on your server. This
|requires some tinkering, but sounds like a nice and rather secure
|alternative.
|--
=============
Hmmm... since that method seems to rely upon the security of ipchains, and adds a lot of problem-prone complexity, why not just choose an obscure port for webmin, config webmin for SSL, and use ipchains to filter access to that port?
I mean, if it's complexity that you want, I could propose a far more complex and only slightly more secure solution; but I doubt the additional complexity would be worth the minor increase in security.
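
Added example, not part of the original message: a dry-run generator for the ipchains rules the reply describes (accept one admin address on the chosen Webmin port, log and deny everyone else). The function names, the admin address, the port and the refusal of the default port 10000 are assumptions; the rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example: prints ipchains rules for review; it never applies them.
# Webmin side (miniserv.conf): set port=<chosen port> and ssl=1 to match.

# Accept only a numeric port in 1..65535 that is not Webmin's default 10000
# (assumption: "obscure port" means at least "not the well-known default").
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 10000 ]
}

# Accept only a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: webmin_rules ADMIN_IP PORT
# Rule order matters: the ACCEPT for the admin host must precede the DENY.
webmin_rules() {
    admin_ip=$1
    port=$2
    valid_ipv4 "$admin_ip" || { echo "bad admin address: $admin_ip" >&2; return 1; }
    valid_port "$port" || { echo "bad or default port: $port" >&2; return 1; }
    echo "ipchains -A input -p tcp -s $admin_ip/32 -d 0.0.0.0/0 $port -j ACCEPT"
    # -l logs the denied attempts so probes of the port show up in syslog.
    echo "ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 $port -l -j DENY"
}

# Constructed sample values: 192.0.2.10 is a documentation address.
webmin_rules 192.0.2.10 18443
```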