Re: [cobalt-security] Portsentry, ipchains and pmfirewall



Hi Mike,

> Hmmm... since that method seems to rely upon the security of
> ipchains, and adds a lot of problem-prone complexity; why not
> just choose an obscure port for webmin, config webmin for SSL, 
> and use ipchains to filter access to that port.

I was just giving three ideas and suggestions which I could think of off the top of my head. The first one in my message is identical to the one you suggest, while the second and third suggestions are of course more complex and more complicated to implement, but also might offer a better degree of protection.

> I doubt the additional complexity would be worth the minor
> increase in security.

I think that pretty much depends on what you prefer or need. For instance, someone who's already using STUNNEL for other purposes on his machine might opt for that approach, as it is less complicated for him to implement it that way. Others might prefer to set up an IPChains rule to block UDP and use security through obscurity by moving Webmin to another port. You're free to use whatever suits you best.

-- 
With best regards,

Michael Stauber
SOLARSPEED.NET