[ previous ] [ next ] [ threads ]
 
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Boris Rudoy <boris at rudoy dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] mono parameters
 Date:  Mon, 1 Dec 2003 17:47:41 -0700
At 10:34 AM 12/1/2003, Boris Rudoy wrote:
>I believe access authorization is reliable.  No clear text password, isn't 
>it? Or I should use https for this reason?

If I were going to do this (and I'm not), I would at least use HTTPS with 
client X509 certificates.

What I =do= do is ssh through the m0n0wall to a host on the LAN side, and 
then run lynx pointed back at the m0n0wall.  Some folks I know do the same 
thing in GUI land by using a Remote Desktop (RDP) connection through the 
m0n0wall and then pointing a browser back at the m0n0wall.

The point, I guess, is that you want to leave your firewall as simple and 
rock-solid as you can.  Every feature you add is a potential exploit.

That is perhaps why there seems to be a schizophrenic view of m0n0wall on 
the Soekris net4501.  Is it a firewall?  Is it a network appliance?  It 
shouldn't be both.


-- CONFIDENTIALITY NOTICE --

This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.