With the proper firewall the authentication access wouldn't seem to be an
issue (many free and costed implementations will support this in firewall
technology). Problem is the OLD unbounded buffer problems noted in
many internet products today seem to be almost perennial, the
OEMs and vendors have proven time and time again that "normal"
developers unless they are given PRECISE guidance about secure
programming for libraries and applications as well as OS's
will fail time and time again to produce secure code.
What outlook does this hold?
Well, if the app is insecure to this issue and it listens to a network
port connected through a firewall to the outside, it
can still be successfully attacked (providing the firewall is of a
packet filtering/simple application proxy and nonencrypted).
Active spoofing is there and it does work.
P.S. I would be looking at web access via SKIP if I were to architect
a secure access web server app (providing of course the security level
of the information browsed justified it).
Otherwise the SecurID and other one-time password schemes are simply
no more than expensive toys; in the face of active spoofing
you have to authenticate EVERY packet, there is NO
solution acceptable short of this...