Proxy 2.0 secure?

Brian Steele steele_b@spiceisle.com
Mon, 29 Jun 1998 09:23:20 -0400


>Just because the MS-Proxy supports this feature, doesn't mean its a
>requirement for every other firewall. This feature requires that you
>activate NT Challenge/Response authentication which locks out any
>Netscape user unless you also allow basic authentication (which is
>not clear text, but uuencoded and doesn't work transparently).


True, but if Internet Explorer (or Exploder as some say :-)) is provided
free with every Win 95 and Win NT box, why would I consider anything else
for a PC network?  Also, I haven't used Netcape Communicator - does that
support NTCR?


>In this case users have use the same account for internal systems as for
>access to the proxy.

Sort of.  You can set up a one-way trust relationship with the MSP server,
so it doesn't store account information for the user (a possible security
risk if the server is compromised).


> Some external website might convince users to type
>their username and password one more time...


Another security risk again, and one that I don't really have an answer for,
apart from telling users NOT to use their LAN usernames and passwords when
setting up accounts on remote sites - but how do you enforce this?


Brian Steele