One of our clients will be the Brazilian Government and they use an
internal normatization about firewall that explicits says that there
cound not be any remote access service running while the firewall is not
in maintaince state.
I don't know if this interest everybody, but I do really think that even
more secure that service blocked is do not have the service running.
Our effort is to have one option like the one We have to disable the
console, but to disable the webGUI.
Chet Harvey wrote:
> what about setting up a trusted management station and allowing only that box
> access to the m0n0 on port 443?
> Thats kinda industry standard.
> Chet Harvey
> Pitbull Technologies <http://www.pittech.com/>
> Protecting your Digital Assets
> Quoting Jean Everson Martina <everson at inf dot ufsc dot br>:
>> We have planned something like that, and when we want to release the
>>webGUI to use we can have a console option to release all firewall
>>rules. But we are concerned that not having the webGUI running is secure
>>like this solution, but needs less resources.
>>Mine GO BOOM wrote:
>>>> Another thing wre need to change in m0n0wall is the automatic
>>>>of the webGUI. We need to disable it, as we do with console. Some of our
>>>>clients think that keeping the admin web port open is a security flaw.
>>>>How can we start to do this? is there some documentation about the
>>>>m0n0wall XML Schema to us to include this setting there?
>>>If you plan on never changing the configuration file again, you can
>>>always block access to the site on the LAN side. If you really want to
>>>be able to access it again, you could always have another network card
>>>in there setup to be m0n0wall only for access change.