[ previous ] [ next ] [ threads ]
 From:  Mikael Bohlin <Mikael dot Bohlin at se dot flextronics dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Odd kind of setup?
 Date:  Thu, 8 Jul 2004 07:52:51 +0200

I'm about to test the Monowall in a slightly different scenario then what I
guess most of you guys do.

I am about to build a separate network for our viristors and guests. From
this Visitor network our guests should get Internet access but no access to
our company resources.
On this network I connect the Monowall LAN interface, enables DHCP and DNS
forwarding. I will also use the Captive portal function, forcing them to log
on first.
On my company network I connect the Monowall WAN interface.

With this setup there pop's up a couple of questions:

 - Can I disable the Management on the LAN interface??? I do no want any
clever visitor trying to logon to the Monowall and changing stuff.
 - When a user logs on to the Captive portal page, it performs a HTTP POST
sending the user ID and password in clear text. Any user with a network
sniffer will easily find the others credentials... Can this be changed into
a HTTPS-POST??? It would add a lot of security into it.




Mikael Bohlin
IT Security Coordinator
Flextronics Network Services