kmccammonTIDALWAVE.NET

• Next message: sigippWELLA.COM.BR: "Re: Regarding *.pwl files..."
• Previous message: Cave, Glynis: "Password Aging/Remote Access"
• Maybe reply: Keith McCammon: "Re: MSProxy Server 2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The key to Proxy Server is the LAT. This is the most important
aspect of this software. If you carelessly add IP classes, or need
more classes and add live IP's, you're hosed. Only add what you
need, and always use identification. If you want a public IP
included, that's fine; but remember that you now open your network up
to spoofing, etc. Can it be done? Yes. It is a ridiculous idea?
Of course.

Also, make sure IP forwarding is turned off (Proxy 2 install does
this, but often times people mistakenly think that since two NICs are
involved that you need to "forward" between the two - wrong).

As far as holes are concerned, Proxy is one of the "cleaner" programs
that Microsoft has put out. The reason it is exploited so often is
because admins don't take the time to REALLY understand what is
happening in a proxy environment (not just MS proxy, but ANY proxy).
MS has a bad rep for selling open-by-default software, but things can
be closed (in time), and it can be made secure.

Keith W. McCammon
Network Administrator
Quantum Communications, Inc.
703.968.5744 x123

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOTfWACUq8IR1X4ipEQLHJwCfSA2+EclNFFq/8RKiPOsg3gUOkXoAoLFl
Rcflubk67Kx0ojuS0zaKE351
=DwCB
-----END PGP SIGNATURE-----

• Next message: sigippWELLA.COM.BR: "Re: Regarding *.pwl files..."
• Previous message: Cave, Glynis: "Password Aging/Remote Access"
• Maybe reply: Keith McCammon: "Re: MSProxy Server 2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]