By default, Client Authentication lets you authenticate over HTTP (on port 900) or Telnet (on port 259). Both pose a security risk because usernames and passwords are sent unencrypted.
To secure Client Authentication, follow these steps:
Change the following line in $FWDIR/conf/fwauthd.conf,
900 fwssd in.ahclientd wait 900
to
900 fwssd in.ahclientd wait 900 ssl:defaultCert
And remove the line:
259 fwssd in.aclientd wait 259
This switches the Client Authentication HTTP server on port 900 to an encrypted HTTPS server and disables authentication over Telnet.
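The following check is an added example, not part of the original post or of any Check Point tooling: it audits a copy of fwauthd.conf for the two changes above. The function name check_fwauthd_conf and the sample files are constructed for illustration, and accepting any ssl: value (not only defaultCert) is an assumption.

```shell
#!/bin/sh
# Audit a fwauthd.conf for the hardening steps described above.
# Returns 0 when the port 900 entry carries an ssl: option and no
# Telnet (in.aclientd, port 259) entry is active; returns 1 otherwise.
check_fwauthd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # ignore comments and blank lines
        $1 == "900" && $3 == "in.ahclientd" {
            seen900 = 1
            ssl = 0
            # Assumption: any ssl:<certificate nickname> field counts as encrypted.
            for (i = 6; i <= NF; i++) if ($i ~ /^ssl:/) ssl = 1
            if (!ssl) {
                print "FAIL: line " NR ": port 900 (in.ahclientd) has no ssl: option"
                bad = 1
            }
        }
        $1 == "259" && $3 == "in.aclientd" {
            print "FAIL: line " NR ": Telnet client authentication enabled on port 259"
            bad = 1
        }
        END {
            if (!seen900) print "NOTE: no in.ahclientd entry for port 900 found"
            if (!bad) print "OK: no cleartext client authentication listener found"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample files (not taken from a real gateway).
tmp=$(mktemp -d)
printf '900 fwssd in.ahclientd wait 900\n259 fwssd in.aclientd wait 259\n' > "$tmp/default.conf"
printf '900 fwssd in.ahclientd wait 900 ssl:defaultCert\n' > "$tmp/hardened.conf"

check_fwauthd_conf "$tmp/default.conf"  || echo "default.conf still needs the changes above"
check_fwauthd_conf "$tmp/hardened.conf" && echo "hardened.conf passes"
rm -rf "$tmp"
```

On a gateway the function would be pointed at $FWDIR/conf/fwauthd.conf itself.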