in reply to PPM behind firewall - security concern

I'm hoping that your "HTTP firewall proxy" password has nothing to do with any other password for you, because it can be sniffed trivially anyway, unless you only do SSL connections.

If you aren't doing SSL, locking your HTTP password into your box is no less secure than typing it directly.

And I really don't understand why net admins set up firewalls that require firewall passwords, unless all the traffic is encrypted. Oh well.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Re: Why firewalls with password (OT)
by Brutha (Friar) on Jan 14, 2004 at 13:19 UTC
    I really don't understand why net admins set up firewalls that require firewall passwords

    Do not use common sense. This is not really for security, but to control who is allowed to go through the firewall. The bigger a company the more hierarchies and privileges are to be considered. And allowed internet access is a kind of stripe on your shoulder. Another similar thing are mail attachments, nothing, only pictures, documents, archives, etc. So these firewalls' purpose is more to secure the internet against the employees ;-)

    Nevertheless, it makes sense to allow only those user groups internet access, who need it. Others can go to the company's internet cafe for safe private access. This lowers the risk of external damage done to the internal network. BTW we are a bank with a software department.

    Update: fixed typo

    And it came to pass that in time the Great God Om spake unto Brutha, the Chosen One: "Psst!"
    (Terry Pratchett, Small Gods)

        This is not really for security, but to control who is allowed to go through the firewall. The bigger a company the more hierarchies and privileges are to be considered. And allowed internet access is a kind of stripe on your shoulder. Another similar thing are mail attachments, nothing, only pictures, documents, archives, etc. So these firewalls' purpose is more to secure the internet against the employees ;-)
      In fairness, both these measures, proxy passwords and limiting outbound attachments, can help to isolate system compromises inside your corporate network. Once your network is compromised, measures like these can help stop the infected systems from turning on systems on the outside of your network to infect them.