locked
Security RRS feed

  • Question

  • Where is the security?

    How will you know if someone is using the remote web portal as an attack vector? With the router forwarding packets, the hackers will be around in no time.

    The browser certificate is  not trusted, where's the root certificate? A home user will be intimidated by that 'not trusted' statement.

    Otherwise the install went well and it's really cool.

     

    Dan

    Sunday, March 11, 2007 1:09 AM

All replies

  • I cannot immediately speak to the first issue... but with regards to the certificate... this is a known issue on Connect and it's been stated that it'll be resolved before the final release.
    Sunday, March 11, 2007 1:39 AM
    Moderator
  •  wilspin wrote:
    How will you know if someone is using the remote web portal as an attack vector? With the router forwarding packets, the hackers will be around in no time.

    The browser certificate is not trusted, where's the root certificate? A home user will be intimidated by that 'not trusted' statement.

    Well, you probably won't know directly. If you suspect you have a problem, you can monitor the Security event log and use a tool to analyse the web logs for attacks. But if you follow reasonable security practices, you probably won't have too much trouble. You should forward the minimum number of ports (which would be 443 and 4125), and use strong security for those users allowed remote access.

    The certificate has two problems. First, it's self-signed. Second, from anywhere outside your home network, it's going to look like it's assigned to a different machine. We are assured that the cert issues will be solved by the time WHS is released.

    Sunday, March 11, 2007 4:06 AM
    Moderator