tangle-ee
09-08-2008, 05:19 PM
In the thread at
http://forums.untangle.com/showthread.php?t=4440
mdh said:
The only people that will see the page to start the client will be those who you think need to. Important links for you, using "ip" as your Untangle box's IP address are:
https://ip/webstart <-- Untangle remote admin
https://ip/reports <--- Untangle reports
https://ip/quarantine <-- email quarantine
https://ip <--- remote access portal login
The "ip" of the Untangle server is in the address bar of every PC that is protected by the web filter inside the network. If anyone is curious, they can access http://ip. They do not need https.
When they do, they get the remote access portal login page. Nothing stand between them and the keys to the kingdom but a password.
I have concerns about the password being brute-forced, or otherwise leaked.
Is there anything that can be done to further protect the remote administration pages from the internal network?
http://forums.untangle.com/showthread.php?t=4440
mdh said:
The only people that will see the page to start the client will be those who you think need to. Important links for you, using "ip" as your Untangle box's IP address are:
https://ip/webstart <-- Untangle remote admin
https://ip/reports <--- Untangle reports
https://ip/quarantine <-- email quarantine
https://ip <--- remote access portal login
The "ip" of the Untangle server is in the address bar of every PC that is protected by the web filter inside the network. If anyone is curious, they can access http://ip. They do not need https.
When they do, they get the remote access portal login page. Nothing stand between them and the keys to the kingdom but a password.
I have concerns about the password being brute-forced, or otherwise leaked.
Is there anything that can be done to further protect the remote administration pages from the internal network?