[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Securing Admin Pages
- Subject: RE: [cobalt-security] Securing Admin Pages
- From: "Steven Young" <steven.young@xxxxxxxxxxxxxxx>
- Date: Fri, 22 Feb 2002 15:08:20 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeffrey April
> Sent: 22 February 2002 03:45
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Securing Admin Pages
>
>
> A quick way to secure the admin page is to use an ssh tunnel. With
> SecureCRT, and other ssh client for Windoze, you can connect to port 81
> via an ssh tunnel. This will encrypt all of the traffic to the admin
> pages.
>
> Jeff
>
> On Thu, 21 Feb 2002, duncan gray wrote:
>
> > Hi,
> > Ive recently just had one of my websites hacked on my
> > server I have know Idea how as I thought my server was
> > pretty secure, As I've kept up to date with all the
> > latest patches, switched my tellnet over to SSH, and
> > so forth, my bigest guess is that you have to pass the
> > root password to the machine while logging in over the
> > Web admin pages, this scare me some what. But raises
> > some questions in my mind.
> >
> > A. is there a way to make the main admin pages work
> > off a different user account, If not why not as it
> > seems like a huge security hole to me.
> >
> > B. Secondly I dont know much about certificates, but
> > Is it possible to issue a client certificate or some
> > sort of certificate so you can limit only certain
> > browsers/users to access that site? and making sure
> > that the link between the server and the client is
> > secure?
> >
> > Thanks
> >
> > Duncan.
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Sports - Coverage of the 2002 Olympic Games
> > http://sports.yahoo.com
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>