
Re: [cobalt-security] Portsentry, ipchains and pmfirewall



On 1/23/2002 at 10:35 PM Michael Stauber wrote:
|The perhaps smartest way (and the one which requires the most effort) is
|this: Make Webmin totally inaccessible to the outside world with IPChains
|and let it run only locally on the IP 127.0.0.1, port 10000. Then use stunnel
|(see: www.stunnel.org) to establish a secure (forwarding) connection from a
|local Linux machine in your office to 127.0.0.1:10000 on your server. This
|requires some tinkering, but sounds like a nice and rather secure alternative.
|-- 
=============

Hmmm... since that method seems to rely upon the security of ipchains, and adds a lot of problem-prone complexity, why not just choose an obscure port for Webmin, config Webmin for SSL, and use ipchains to filter access to that port?

I mean, if it's complexity that you want, I could propose a far more complex and only slightly more secure solution; but I doubt the additional complexity would be worth the minor increase in security.
b
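
The filtering step of the alternative discussed in this message, as an added example that is not part of the original e-mail: a small script that prints (does not apply) ipchains input rules limiting a Webmin port to named admin sources. Port 23456 and the 192.0.2.10 / 198.51.100.0/24 sources are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print, but do not apply, ipchains rules for a Webmin port.
# Port and source addresses used below are constructed placeholders.

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_source ADDR -> shape check only: dotted quad with optional /prefix
valid_source() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# webmin_rules PORT SRC... -> one ipchains command per line on stdout.
# Every argument is validated before anything is printed, so a typo never
# yields a partial rule set. ACCEPT rules come first because ipchains acts on
# the first matching rule; the last rule logs (-l) and denies all other
# traffic aimed at the port.
webmin_rules() {
    port=$1; shift
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no admin source given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "ipchains -A input -p tcp -s $src -d 0.0.0.0/0 $port -j ACCEPT"
    done
    echo "ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 $port -l -j DENY"
}

# Constructed sample: one admin workstation and one office network.
webmin_rules 23456 192.0.2.10 198.51.100.0/24
```

The obscure port only reduces noise from scans; the access control in this setup comes from the source filter and from Webmin's SSL setting.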