Subject: Re: web interface for majordomo and how does majorcool adm screens looks like
From: "Daniel Hedley" <daniel@brixton-online.com>
Date: Wed, 31 Jul 2002 15:59:59 +0100
To: <majordomo-users@greatcircle.com>
Thread-index: AcI4ohKKvoSV8Z7VRkS2Jam4bMcXGwAAIlAA
Thread-topic: web interface for majordomo and how does majorcool adm screens looks like

On Wed, 31 Jul 2002 14:38:22 +0100 Daniel Hedley
<daniel@brixton-online.com> wrote:
> I'd take issue with the "webmin insecure" thing.
> What I normally do is 1) change the port,
>changing the port is a help, but is an obscurity based approach and
>won't defend you against a determined hacker
It's better than not doing it.
> 2) use SSL
essential
> and 3) restrict
> access to a particular range of IPs (the NAT router in our office and
> my home IP usually).
>IPs can be spoofed, and having your home IP listed is a potential
>source of spoofing attacks.
>i'd suggest not listing your home IP as accessible, and tunneling
>webmin inside ssh instead, so the connection appears to come from
>localhost.
Yep, good idea. I'll see if I can figure it out (or is there a HOWTO?)
> It's then perfectly secure, or at least as secure as anything is
> these days.
>i'd be happier if it supported PKI or other public key based
>authentication, as opposed to just a password. if you use ssh tunneling,
>and set up RSA or DSA keys, you can accomplish this effect.
>and you do use a different password for your webmin installation than
>you use for anything that might, intentionally or inadvertently,
>be transmitted in the clear, right?
Yep. Have different passwords for each thing on t'network, & one of
those thumbprint decrypter thingies off of thinkgeek.com. Works for me.
richard
--
Richard Welty
rwelty@suespammers.org Averill Park
Networking
rwelty@averillpark.net Unix, Linux, IP Network Engineering,
Security
rwelty@krusty-motorsports.com
518-573-7592
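
The loopback-only setup suggested in the message above, as an added example that is not part of the original thread: a check of a Webmin `miniserv.conf` for the settings discussed, run on two constructed sample files. It assumes the `ssl=`, `bind=` and `allow=` keys of `miniserv.conf`; the addresses, port, user and host name are made up.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Webmin's miniserv.conf
# uses the keys ssl=, bind= and allow= (space-separated addresses).

conf_get() {            # conf_get FILE KEY: value of the last "KEY=" line
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

audit_webmin_conf() {   # prints one finding per line, nothing if clean
    f=$1
    [ "$(conf_get "$f" ssl)" = "1" ] ||
        echo "ssl: not enabled, the login crosses the network in the clear"
    [ "$(conf_get "$f" bind)" = "127.0.0.1" ] ||
        echo "bind: listener is reachable from the network, not only via ssh"
    for addr in $(conf_get "$f" allow); do
        [ "$addr" = "127.0.0.1" ] ||
            echo "allow: $addr relies on the source IP being genuine"
    done
}

# Constructed sample: the setup from the thread (port changed, SSL on,
# office NAT router and home IP allowed). Addresses are documentation ranges.
exposed=$(mktemp)
cat > "$exposed" <<'EOF'
port=12321
ssl=1
allow=192.0.2.10 198.51.100.7
EOF

# Constructed sample: loopback only, reached through an ssh port forward.
tunnelled=$(mktemp)
cat > "$tunnelled" <<'EOF'
port=12321
ssl=1
bind=127.0.0.1
allow=127.0.0.1
EOF

audit_webmin_conf "$exposed"
audit_webmin_conf "$tunnelled"

# Client side of the tunnel (hypothetical user and host), with key login:
#   ssh -i ~/.ssh/id_rsa -N -L 12321:127.0.0.1:12321 admin@server.example
# then browse to https://localhost:12321/
```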