 From:  Jean Everson Martina <everson at inf dot ufsc dot br>
 To:  Chet Harvey <chet at pittech dot com>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Patches on M0n0wall
 Date:  Mon, 13 Sep 2004 23:52:08 -0300
One of our clients will be the Brazilian Government and they use an 
internal normatization about firewalls that explicitly says that there 
could not be any remote access service running while the firewall is not 
in maintenance state.

I don't know if this interests everybody, but I really do think that even 
more secure than having the service blocked is not having the service running. 
Our effort is to have an option like the one we have to disable the 
console, but to disable the webGUI.



Jean

Chet Harvey wrote:
> what about setting up a trusted management station and allowing only that box 
> access to the m0n0 on port 443?
> 
> That's kinda industry standard.
> 
> Chet Harvey
> Pitbull Technologies <http://www.pittech.com/> 
> Protecting your Digital Assets
> 703.407.7311
> 
> 
> Quoting Jean Everson Martina <everson at inf dot ufsc dot br>:
> 
> 
>>Hi,
>>
>>	We have planned something like that, and when we want to release the 
>>webGUI to use we can have a console option to release all firewall 
>>rules. But we are concerned that not having the webGUI running is secure 
>>like this solution, but needs less resources.
>>
>>Thanks,
>>
>>Jean Everson
>>
>>Mine GO BOOM wrote:
>>
>>>>       Another thing we need to change in m0n0wall is the automatic starting
>>>>of the webGUI. We need to disable it, as we do with console. Some of our
>>>>clients think that keeping the admin web port open is a security flaw.
>>>>How can we start to do this? Is there some documentation about the
>>>>m0n0wall XML Schema for us to include this setting there?
>>>
>>>
>>>If you plan on never changing the configuration file again, you can
>>>always block access to the site on the LAN side. If you really want to
>>>be able to access it again, you could always have another network card
>>>in there setup to be m0n0wall only for access change.
>>