
How to block login popup from remote site?

If a remote web or ftp site returns a 407 error, UTM passes it through to the browser, which gives the user a login popup. If the site is http or ftp, then the credentials are returned unencrypted. Because the whole pop-up is often unexpected and the site name is in relatively small letters, the user may assume that he is supposed to enter his domain user and password. This will pass secure credentials to the remote site and will pass them insecurely.

Is there a way to configure UTM to return a status that does not permit browser authentication from being triggered by the remote site?



  • So, to net this conversation out, Doug's original concern was unfounded.  The prompt he saw did not originate from the remote site.  Correct?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • So possibly this is just a thought experiment question he has.  Possibly he has some network equipment that does something wacky.  The network is a wacky place.

    For example, if I recall I had a KVM switch that you could browse to with HTTP.  I think it did a 401 Basic authentication which caused a browser popup for credentials.  Any credentials would be sent plaintext over an unencrypted connection.

    So if a user accidentally thought it was asking for Windows credentials they would be sending their Windows credentials in plaintext over the network.  Now if it was going through the UTM then maybe the UTM could block it (would need to be a feature request) but in that case the actual result is that your KVM doesn't work.  Probably not what you want.  Or maybe it is what he wants.  Regardless, it is something that he could probably monitor in logs but not something we can currently block.
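
The log monitoring suggested in the last reply, as an added Python example that is not part of the thread and not Sophos tooling. It flags 401/407 responses that reached a client over http or ftp, grouped by remote host. The key="value" log layout, the field names `statuscode`, `url` and `srcip`, and the sample lines are assumptions constructed for the example; adjust them to the real web filtering log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines; layout and field names are assumptions, not real UTM output.
SAMPLE_LOG = '''\
2024:05:01-09:14:02 gw httpproxy[4211]: name="http access" action="pass" method="GET" srcip="10.0.0.21" statuscode="401" url="http://kvm.example.test/"
2024:05:01-09:14:09 gw httpproxy[4211]: name="http access" action="pass" method="GET" srcip="10.0.0.21" statuscode="200" url="http://kvm.example.test/"
2024:05:01-09:20:44 gw httpproxy[4211]: name="http access" action="pass" method="GET" srcip="10.0.0.35" statuscode="401" url="https://portal.example.test/admin"
2024:05:01-09:31:10 gw httpproxy[4211]: name="http access" action="pass" method="GET" srcip="10.0.0.35" statuscode="407" url="http://files.example.test/pub/"
2024:05:01-09:32:00 gw httpproxy[4211]: name="http access" action="pass" method="GET" srcip="10.0.0.40" statuscode="404" url="http://kvm.example.test/favicon.ico"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')
AUTH_CHALLENGE = {"401", "407"}   # status codes that make a browser show a login prompt
CLEARTEXT = {"http", "ftp"}       # schemes where the user's reply travels unencrypted


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD.findall(line))


def cleartext_auth_prompts(log_text):
    """Map remote host -> sorted client IPs that got a 401/407 over a cleartext scheme.

    The status code alone does not say whether the challenge was Basic, so every
    hit is a candidate for review rather than proof that a password was exposed.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("statuscode") not in AUTH_CHALLENGE:
            continue
        parts = urlsplit(rec.get("url", ""))
        # HTTPS challenges are skipped: the credentials would be encrypted in transit.
        if parts.scheme.lower() in CLEARTEXT and parts.hostname:
            hits[parts.hostname].add(rec.get("srcip", "unknown"))
    return {host: sorted(ips) for host, ips in hits.items()}


if __name__ == "__main__":
    for host, clients in sorted(cleartext_auth_prompts(SAMPLE_LOG).items()):
        print(f"{host}: login prompt over cleartext seen by {', '.join(clients)}")
```
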
