Allowing outside users access to company Intranet (anonymous)

Subject Author Date
Allowing outside users access to company Intranet (anonymous) Larry 01-16-2007
Posted by Larry on January 16, 2007, 10:39 am
We are currently having problems with basic authentication with users trying
to access the company intranet, and I was curious whether, if I turned off basic
auth and allowed anonymous access, that would be a big security issue, since
the info on our intranet is not confidential. Any thoughts would be greatly
appreciated.

Posted by Phillip Windell on January 16, 2007, 2:14 pm
If the information is not "sensitive information" and you are allowing just
read-only access, then anonymous can be *more* secure because there are no
user credentials going over the wire.

Do not allow anonymous if there are uploads happening. It must be read-only
access to non-sensitive data. That is what most all public web sites are
doing.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------


> We are currently having problems with basic authentication with users trying
> to access the company intranet and I was curious if that I turned off basic
> auth and allowed anonymous access would that be a big security issue since
> the info on our intranet is not confidential. Any thoughts would be greatly
> appreciated.



Posted by mtgarden on January 16, 2007, 4:23 pm
Allowing anonymous users into the network poses several assorted risks.
First, it is possible that a user will store sensitive information in a
location that is accessible across the network. Secondly, this could allow
a malicious user to study your network and find exploitable machines.
Thirdly, if there is any possibility of someone being able to write to your
systems, you have little reason to expect a stable environment - someone will
upload malicious code onto your systems.

The purpose of a firewall is to protect against these types of attacks.
Your best option is to solve the authentication problem. As a secondary
response, I would recommend that you set up an FTP server or HTTP server that
will host the files. Put that machine outside of the firewall and use it as
a billboard for your employees to share information. I would only allow
people inside the network to have permission to write to this box though. It
is extremely rare that an anonymous user should have write access to a
computer.

Hope that helps.

"Larry" wrote:

> We are currently having problems with basic authentication with users trying
> to access the company intranet and I was curious if that I turned off basic
> auth and allowed anonymous access would that be a big security issue since
> the info on our intranet is not confidential. Any thoughts would be greatly
> appreciated.

Posted by Steven L Umbach on January 16, 2007, 9:54 pm
Basic authentication sends passwords in clear text anyhow, which is not
desirable for most. If the intranet web server is not available to users
outside of the network and your users can get the access they need, I would
not worry too much about using anonymous access if nothing sensitive is on
the web server. Checking the security log of the web server may give a clue
as to why your current authentication is failing, particularly if you also
enable auditing of privilege use for failure.

Steve


> We are currently having problems with basic authentication with users trying
> to access the company intranet and I was curious if that I turned off basic
> auth and allowed anonymous access would that be a big security issue since
> the info on our intranet is not confidential. Any thoughts would be greatly
> appreciated.



Posted by Roger Abell [MVP] on January 16, 2007, 10:44 pm
Does the site have both Windows and Basic authentication enabled?
It should, as then IE browsers that are allowed will prefer Windows
authentication, which is much safer.
If this truly is an "intranet" site, then no one other than those allowed
onto your internal network would be able to access it. In that case, if
the site is anonymous for its (non-upload) services, it should not be
a big issue as long as all that do update the content know full well
that it is public to any browser that can get onto the internal network
(i.e. keep it as you state it now is, without any sensitive content).
Nevertheless, it would probably be best to resolve the authentication
issues you are experiencing and keep the extra layer of safety (i.e.
non-anonymous website).

> We are currently having problems with basic authentication with users trying
> to access the company intranet and I was curious if that I turned off basic
> auth and allowed anonymous access would that be a big security issue since
> the info on our intranet is not confidential. Any thoughts would be greatly
> appreciated.
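
An added example, not part of any post in this thread: a Python check that follows up on two points above, Steven's that Basic sends the password in a recoverable form and Roger's question of whether Windows and Basic authentication are both enabled. The sample 401 response, host name, account and function names are constructed for illustration, and it assumes the server sends one challenge per `WWW-Authenticate` header line.

```python
import base64

# Constructed sample data (made-up host and account): a 401 from a site with
# Windows and Basic authentication both enabled, and a Basic request header.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="intranet.example.test"\r\n\r\n'
)
SAMPLE_AUTHORIZATION = "Basic " + base64.b64encode(b"jdoe:example:password").decode()


def offered_schemes(raw_response):
    """List the authentication schemes the server challenges with, in order."""
    schemes = []
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    return schemes


def decode_basic(authorization):
    """Recover (user, password) from a Basic header: it is base64, not encryption."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    # Only the first colon separates user from password; passwords may contain ':'.
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def assess(url, schemes):
    """Return findings for the authentication setup seen at this URL."""
    findings = []
    windows = [s for s in schemes if s in ("negotiate", "ntlm")]
    if "basic" in schemes and not url.lower().startswith("https://"):
        findings.append("Basic over plain HTTP: password readable from a capture")
    if "basic" in schemes and not windows:
        findings.append("Basic only: no Windows authentication for browsers to prefer")
    if windows:
        findings.append("Windows authentication offered: " + ", ".join(windows))
    return findings


if __name__ == "__main__":
    print(decode_basic(SAMPLE_AUTHORIZATION))
    print(assess("http://intranet.example.test/", offered_schemes(SAMPLE_401)))
```

Feed `offered_schemes` the headers of a real 401 from the intranet site (for example, saved from a browser's network tab) to see which schemes the server is actually offering.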


