09-08-2006 05:02 PM
How does IronPort deal with brute force attacks on ssh and https?
Is there some kind of control?
If someone leaves IronPort's 22 and 443 ports "open" to the internet, it would be a problem if IronPort does not control the number of invalid login attempts...
09-11-2006 06:40 PM
No one knows? Or do you just not think that it's a point?
09-15-2006 12:12 PM
If someone leaves IronPort's 22 and 443 ports "open" to the internet, it would be a problem if IronPort does not control the number of invalid login attempts...
09-18-2006 05:39 PM
IMHO, it would be better if IronPort had this feature, iptables-like or firewall-like, that secures port 22 or port 443.
09-19-2006 01:14 PM
OK, here is the deal: somehow internet crawlers are indexing many IronPorts with HTTPS wide open to the net... Actually I've seen some guy at Defcon 14 talking about how to use Google to find targets without being flagged, and I was wondering if I could do this to find IronPorts... Bingo.
So, I think we need to spend some time discussing this issue, which is not a huge issue, but I keep saying, someone might have had troubles with this, especially when they don't update AsyncOS (in fact, this is the case!)
I would recommend reading the Robots Exclusion Protocol
This probably contains our solution...
09-19-2006 02:16 PM
I would recommend reading the Robots Exclusion Protocol
This probably contains our solution...
09-29-2006 10:01 PM
Uhm, I think it would be against IronPort Systems' main purpose, which is to keep the appliances doing only their jobs. If you give a firewall, ppl will be able to use IronPort for other tasks beyond the MT task, and I think it's not wise...
But just in case, do you guys really think ironportnation's forums have enough spot for this kind of discussion? hehe
09-29-2006 10:19 PM
Uhm, I think it would be against IronPort Systems' main purpose, which is to keep the appliances doing only their jobs. If you give a firewall, ppl will be able to use IronPort for other tasks beyond the MT task, and I think it's not wise...
But just in case, do you guys really think ironportnation's forums have enough spot for this kind of discussion?
10-02-2006 11:27 PM
Uhm, I think it would be against IronPort Systems' main purpose, which is to keep the appliances doing only their jobs. If you give a firewall, ppl will be able to use IronPort for other tasks beyond the MT task, and I think it's not wise...
I'm not talking about using it as a firewall to protect other systems. I'm talking about it having a built-in software firewall for protecting itself.
But just in case, do you guys really think ironportnation's forums have enough spot for this kind of discussion?
You're the one who started this thread. If you don't think this is an appropriate place for it then why did you start it?
10-03-2006 12:47 AM
If you really want your system to be safe, just don't run the stuff. Keep ssh and https disabled on the public interface.
10-07-2006 06:35 PM
If you really want your system to be safe, just don't run the stuff. Keep ssh and https disabled on the public interface.
It's not always that easy. In our setup, for example, if ssh and https were not enabled on the public interfaces then I couldn't manage the units at all.
I use the FreeBSD ipfw to great effect on other systems. It has absolutely eliminated the routine ssh "door knob rattling" that we used to see in our logs.
10-07-2006 06:41 PM
So if we have access to some feature where we can choose the IPs with permission to connect to the appliance through https and ssh, like the private relay permission, I really think that would solve the issues and would keep things simple.
10-07-2006 06:49 PM
So if we have access to some feature where we can choose the IPs with permission to connect to the appliance through https and ssh, like the private relay permission, I really think that would solve the issues and would keep things simple.
Yes, that's exactly what I had in mind. And like I said before, AsyncOS is based on FreeBSD, and FreeBSD includes ipfw, which does exactly this. All they'd need to do is expose an interface to it.
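The source allowlist discussed in the last posts, sketched as an added example for a stock FreeBSD host running ipfw. It is not code from any poster or from IronPort, and it does not apply to the appliance itself. The function names, rule numbers and addresses are assumptions made for illustration; the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) ipfw rules for a stock FreeBSD host.
# Sources are constructed RFC 5737 documentation addresses; rule numbers are
# arbitrary and must sort before any broader allow rule already loaded.

# is_ipv4_cidr ADDR: succeeds for a dotted quad with an optional /1-32 prefix.
is_ipv4_cidr() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    # /0 would match every address and defeat the allowlist, so refuse it.
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mgmt_rules FIRST_RULE_NUM SOURCE...: prints one allow rule per management
# source for ssh (22) and https (443), then a deny for every other source.
# Any invalid source rejects the whole set, so a typo cannot silently change
# who gets in.
mgmt_rules() {
    num=$1; shift
    [ $# -gt 0 ] || { echo "no management sources given" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "ipfw -q add $num allow tcp from $src to me 22,443 in"
        num=$((num + 10))
    done
    echo "ipfw -q add $num deny tcp from any to me 22,443 in"
}

# Constructed input: one admin workstation and one admin subnet.
mgmt_rules 1000 192.0.2.10 198.51.100.0/24
```

With the deny rule in place, login attempts from unlisted sources never reach sshd or the web interface, so they no longer appear as failed logins in the service logs.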