Re: ip restriction: msg#00316

web.webmin.general

Subject: Re: ip restriction

You missed my point, Vincent... If administering from someone else's machine, one doesn't have access to ssh--but an SSL-capable browser is always available on any net-connected PC.

Besides OpenSSH has had more remote root exploits in the past year than Webmin has. Kinda blows a big gaping hole in that plan, doesn't it?

Not to mention that because SSH is so much more commonly used than Webmin, it is scanned far more frequently by crackers. I recently had a client that had been running an exploitable Webmin for over three months, and the machine wasn't rooted. Another client installed a Red Hat 7.2 system with nothing but SSH running on a Friday. It was thoroughly rooted by the time I logged in on Monday. They had to reinstall and apply the errata before putting it back on the net (always recommended of course...I'm just making a point).

I run both SSH and Webmin on my server, but claiming that SSH is more secure than Webmin is going to require something more than hand waving about security-orientedness. By being written in Perl, Webmin avoids several whole classes of security issue that SSH must deal with (and has proven to fail at on occasion).

Panel Vincent wrote:
Hi,

If you want to be able to manage your webmin host from multiple (untrusted) sites, you should use ssh: restrict IP access on your webmin host to "localhost" and connect to this host using ssh (with key authentication: keep your key on a floppy and protect it with a challenge phrase -> in case you lose it) and port forwarding. This is the most secure way to administer a machine (IMHO):
- you have just one open port (22)
- the application behind that port is definitely "security-oriented" (ssh)
- you can access your host from whatever OS supporting ssh (Win32, *nix, *BSD, even IOS...)
- you have shell access on your host (in rare cases where you would like to do something webmin doesn't handle)
- you can even install VNC and manage your host as if you were behind its screen

______________________
Vincent Panel
Axen (www.axen.be)
mailto:vpanel@xxxxxxx
______________________


-----Original Message-----
From: Joe Cooper [mailto:joe@xxxxxxxxxxxxx]
Sent: Thu 6/20/2002 5:20 AM
To: webadmin-list@xxxxxxxxxxxxxxxxxxxxx
Cc:
Subject: Re: ip restriction

I'm not a security expert either, but I would suggest using both certificate and IP restrictions, if using certificates is feasible*. Realize that IP restrictions can prevent another set of attacks--those attacks on the security of Webmin itself that we might not yet know about. The code path between "Connect->IP Check" is shorter than the path "Connect->Check login credentials", and thus less likely to have exploitable bugs. While exploits to Webmin are rare (only one in the past year or more) they are possible, and thinking of ways to prevent them at both the firewall level and within Webmin is a good practice. Security has to come first...then we work out how to do our jobs conveniently within that security policy.

And every little bit helps...

* Certificates are not feasible if you must be able to administer the box from multiple sites, particularly if some of those sites are untrusted. I log into my server while travelling, sometimes from other people's machines that I administer. If I don't allow logins without certificates, I can't do that.


--
Joe Cooper <joe@xxxxxxxxxxxxx>
Web caching appliances and support.
http://www.swelltech.com




-
Forwarded by the Webmin mailing list at webadmin-list@xxxxxxxxxxxxxxxxxxxxx
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
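The setup Vincent describes (Webmin reachable only from localhost, reached through an ssh tunnel with key authentication) can be scripted. The following is an added example, not code from the thread or from the Webmin project: it rewrites a miniserv.conf-style file so that the "allow=" key admits only 127.0.0.1 and the "bind=" key puts the listener on the loopback interface, and it prints the client-side ssh port-forward command. The key names are Webmin's miniserv.conf keys; the file path, the user/host names, the key file location and the sample configuration contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: restrict Webmin to loopback and reach it over an ssh tunnel.
# Not part of the original thread; the conf file and hosts below are made up.
set -eu

# Replace (or append) one key=value line in a miniserv.conf-style file.
# Duplicates of the key are removed so the file has exactly one setting.
set_conf_key() {
    conf=$1; key=$2; value=$3
    tmp=$(mktemp)
    # grep -v exits 1 when nothing survives the filter; that is not an error here.
    grep -v "^${key}=" "$conf" > "$tmp" || true
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$conf"
}

# Read the value of a key from the conf (prints nothing if the key is absent).
get_conf_key() {
    sed -n "s/^$2=//p" "$1"
}

# Step 1 of the scheme: only 127.0.0.1 passes Webmin's IP check, and the
# socket itself is bound to loopback, so port 22 is the only port exposed.
webmin_restrict_to_localhost() {
    conf=$1
    set_conf_key "$conf" allow 127.0.0.1
    set_conf_key "$conf" bind 127.0.0.1
}

# Step 2: the command typed on the admin's machine. Local $localport is
# forwarded to the server's loopback Webmin port (default 10000) over ssh.
# -N opens no remote shell; -i names the private key (kept on removable media,
# as suggested in the thread). The browser is then pointed at
# https://localhost:$localport/.
webmin_tunnel_cmd() {
    user=$1; host=$2; keyfile=$3; localport=${4:-10000}; remoteport=${5:-10000}
    printf 'ssh -N -i %s -L %s:127.0.0.1:%s %s@%s\n' \
        "$keyfile" "$localport" "$remoteport" "$user" "$host"
}

# Demo on a constructed copy of a miniserv.conf; the original allows one
# office address, which the hardening step replaces with loopback only.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
port=10000
ssl=1
allow=192.168.1.5
EOF
    webmin_restrict_to_localhost "$conf"
    cat "$conf"
    webmin_tunnel_cmd admin webmin.example.org /media/floppy/id_rsa 10000
    rm -f "$conf"
}

demo
```

Run the script on a copy of the configuration first; once the "bind=" line is in place, a browser on any other host gets no connection at all, so the tunnel command must be working before the Webmin service is restarted.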
