[ previous ] [ next ] [ threads ]
 
 From:  Michael Monaghan <mmonaghan at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] External Authentication
 Date:  Fri, 10 Sep 2004 08:40:26 -0400
Chris,

There are plenty of known vulnerabilities that Microsoft admits there
are no fixes for.  The one used in this attack was unknown to MS PSS
and is still under study 2 months after the fact.  A lot of people
would have ignored the attack because the Root Kit was almost perfect.
 I think we can all agree everything has it's problems and in the
wrong or untrained hands things can be much worse.  I do appreciate
your ideas on IIS.  We've implemented them previously and it didn't
slow the attacker down.

> > I'd like to improve the security of the system by locking out all but
> > authorized users (it isn't a public website).  Using IIS' internal
> > authentication doesn't prevent many of the known attacks so my thought
> > was to authenticate at the firewall.
> 
> That'd be a support nightmare, and I don't know if it would even be possible.

Why do you feel authentication at the firewall would be a support
nightmare?  That's the kind of information I'm looking for.  If I'm
not going to be able to support this configuration I'd like to know
before I commit to it.

Thanks,
Mike