
Re: [cobalt-security] Securing Admin Pages



A quick way to secure the admin page is to use an ssh tunnel.  With
SecureCRT, and other ssh clients for Windoze, you can connect to port 81
via an ssh tunnel.  This will encrypt all of the traffic to the admin
pages.

Jeff

On Thu, 21 Feb 2002, duncan gray wrote:

> Hi,
> I've recently just had one of my websites hacked on my
> server. I have no idea how, as I thought my server was
> pretty secure, as I've kept up to date with all the
> latest patches, switched my telnet over to SSH, and
> so forth. My biggest guess is that you have to pass the
> root password to the machine while logging in over the
> Web admin pages; this scares me somewhat. But it raises
> some questions in my mind.
>
> A. Is there a way to make the main admin pages work
> off a different user account? If not, why not, as it
> seems like a huge security hole to me.
>
> B. Secondly, I don't know much about certificates, but
> is it possible to issue a client certificate or some
> sort of certificate so you can limit only certain
> browsers/users to access that site, and make sure
> that the link between the server and the client is
> secure?
>
> Thanks
>
> Duncan.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>