Re: http://www.webmaker.mci.com/webmaker/features/secbrf.htm
Well well well:
> Netscape server - this user account only allows the Netscape Communication
> Server process to log into NT as a service. Logging in as a service allows
> the networkMCI WebMaker to control all accesses of the process. Since no
> external log in is permitted for this service, password guessing is not an
> option. Netscape permissions narrows the total resources available to
> Netscape to those in the Netscape directory on the C:\ drive.
Haven't there been a couple of reports about major CGI holes in the Netscape
server? Doesn't that make the lack of password guessing a moot point? All you
need to do is get one DLL in there and you can proxy anything you want though
to the internal net... and they've helpfully told us port 443 is available
for that purpose.
> 443 - TCP Secure Http (not supported in networkMCI WebMaker 1.0)
And they end with:
> While achieving 100% security is not practical, it is important to
> match desired access security with the value of the resources being
> protected. networkMCI WebMaker's firewall security system meets, or
> exceeds the security requirements of most small to medium sized
> businesses.
Anyone remember the parable of the widow's mite?
References:
|
|
