
How to block login popup from remote site?

If a remote web or ftp site returns a 407 error, UTM passes it through to the browser, which gives the user a login popup. If the site is http or ftp, then the credentials are returned unencrypted. Because the whole pop-up is often unexpected and the site name is in relatively small letters, the user may assume that he is supposed to enter his domain user and password. This will pass secure credentials to the remote site and will pass them insecurely.

Is there a way to configure UTM to return a status that does not permit browser authentication to be triggered by the remote site?



  • So, to net this conversation out, Doug's original concern was unfounded.  The prompt he saw did not originate from the remote site.  Correct?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • So possibly this is just a thought experiment question he has.  Possibly he has some network equipment that does something wacky.  The network is a wacky place.

    For example, if I recall I had a KVM switch that you could browse to with HTTP.  I think it did a 401 Basic authentication which caused a browser pop-up for credentials.  Any credentials would be sent plaintext over an unencrypted connection.

    So if a user accidentally thought it was asking for Windows credentials they would be sending their Windows credentials in plaintext over the network.  Now if it was going through the UTM then maybe the UTM could block it (would need to be a feature request) but in that case the actual result is that your KVM doesn't work.  Probably not what you want.  Or maybe it is what he wants.  Regardless, it is something that he could probably monitor in logs but not something we can currently block.

  • Nothing unfounded, I just had my http codes confused.

    I have a hosting service for a personal domain, which shall remain nameless because I am growing disaffected as I identify their security problems.

    They support authenticated ftp for uploading and downloading files.   If I browse to the ftp site, I see a login popup whether running through UTM or not.

    When I realized all of the problems associated with a popup login prompt, I realized that I should block the login prompt, whether coming from an ftp site or an http(s) site.   Ftp and http are a problem because they are not encrypted, and even https is a problem because the user is likely to release internal credentials as a social engineering mistake.

    I want a policy that says ftp is only allowed if it is anonymous.

  • "I want a policy that says ftp is only allowed if it is anonymous."

    That would be a feature request: Ideas.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
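
The thread turns on telling a 401 challenge from the remote site apart from a 407 challenge from the proxy, and on Basic credentials crossing an unencrypted connection. The following is an added example, not code from any poster or from Sophos UTM, that classifies a captured response head accordingly; the function names, hostnames and sample responses are constructed for illustration, and it assumes one challenge per header line.

```python
from urllib.parse import urlsplit

# Basic sends base64(user:password); without TLS that is readable on the wire.
REVERSIBLE_SCHEMES = {"basic"}

# Constructed sample response heads (not taken from the thread).
KVM_401 = (b"HTTP/1.1 401 Unauthorized\r\n"
           b'WWW-Authenticate: Basic realm="KVM"\r\n'
           b"Content-Length: 0\r\n\r\n")
PROXY_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: Negotiate\r\n"
             b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')

def parse_head(raw: bytes):
    """Return (status_code, [(lowercased_header_name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def classify_challenge(url: str, raw: bytes):
    """Say who is asking for credentials and whether they would reach
    the origin server in recoverable form over an unencrypted hop."""
    status, headers = parse_head(raw)
    # 401 + WWW-Authenticate comes from the origin server;
    # 407 + Proxy-Authenticate comes from a proxy on the path.
    wanted = {401: ("www-authenticate", "origin"),
              407: ("proxy-authenticate", "proxy")}
    if status not in wanted:
        return None
    header, source = wanted[status]
    schemes = sorted({v.split(None, 1)[0].lower()
                      for n, v in headers if n == header and v})
    if not schemes:
        return None
    over_tls = urlsplit(url).scheme == "https"
    # Proxy credentials go to the proxy, not to the remote site.
    exposed = (source == "origin" and not over_tls
               and bool(REVERSIBLE_SCHEMES & set(schemes)))
    return {"source": source, "schemes": schemes,
            "plaintext_to_origin": exposed}

if __name__ == "__main__":
    print(classify_challenge("http://kvm.example/", KVM_401))
    print(classify_challenge("http://site.example/", PROXY_407))
```

A result with `source` equal to `origin` and `plaintext_to_origin` set to `True` is the case described in the thread: a login prompt raised by the remote device whose answer travels unencrypted.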