Mikael Olsson <[EMAIL PROTECTED]> wrote: > > This works just fine, but there is one small problem that usually > proves to be a huge problem in organizations with many > users. (Why do users always have to screw up our good ideas?) -- > how do you authenticate to the reverse proxy? I would tend to issue client-side certs and authenticate them at the reverse SSL proxy in addition any "server based" authentication that I did at the web/mail server(s). That way if there is a buffer overflow or other authentication information driven attack in the web/mail servers, they will not get exploited unless the cracker can satisfy the reverse proxy with a certificate. Now your only worry is attacks on the reverse proxy, and of course a client-side certificate leak. There is no reason that the proxy needs to run with any privilleges at all. Indeed a nice tidy little chroot() jail sounds wonderful for that! The other problem is social. If you have certificate leaks you need to terminate somebody's access immediately! b. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
- Re: secure webmail and firewall issues... Mikael Olsson
- Re: secure webmail and firewall issues... Shawn Kelly
- Re: secure webmail and firewall issues... Grant Vine
- RE: secure webmail and firewall issues... Jarmoc, Jeff
- RE: secure webmail and firewall issues... Eddy Kalem
- Re: secure webmail and firewall issues... Mikael Olsson
- Re: secure webmail and firewall issues... Brian Steele
- Re: secure webmail and firewall issues... Mikael Olsson
- Re: secure webmail and firewall issues... Alex Hague
- Re: secure webmail and firewall issues... Mikael Olsson
- Re: secure webmail and firewall issues... Brian J. Murrell
- Re: secure webmail and firewall issues... Paul D. Robertson
- Re: secure webmail and firewall issues... Jason Axley
- Re: secure webmail and firewall issues... Paul D. Robertson
- Re: secure webmail and firewall issues... Kostas Evangelinos
- Re: secure webmail and firewall issues... Jason Axley
- Re: secure webmail and firewall issues... Alex Hague
- Re: secure webmail and firewall issues... Mikael Olsson
- Re: secure webmail and firewall issues... Kostas Evangelinos
- Re: secure webmail and firewall issues... Alex Hague
- Re: secure webmail and firewall issues... Alex Hague
