[SR-Users] Security in proxy

Henning Westerholt henning.westerholt at 1und1.de
Thu Jun 16 12:44:30 CEST 2011 

On Thursday 16 June 2011, Anto wrote:
>  After reading the modules pike, pipelimit, etc. I wanted to know what
> measures can be used in the proxy, because like me, there will be more
> people interested ;-).
> 
>  We see that the module pike is a good security measure, but for users with
> many channels, we used the configuration of users with few channels (could
> we discriminate and make different rules for each?). If we have the proxy
> settings for normal users and have trunk configuration as well, I guess we
> also mark the traffic of the trunk to see it too aggressive about the
> user. As you might know if discriminate different types of users according
> to their traffic, one solution I can think of is to have different proxies
> for each user type (trunk, normal, etc).

Hi Anto,

having different systems is one solution, you could also just use internally 
in one server different traffic classes for the user sets you have. 

>  Is there any way to implement something that detects unusual behavior on
> the user (referred to countries that do not ever called, excessive
> traffic, etc)?. I ask not to try to implement something that exists or
> perhaps someone can advise me how to do so because it is very likely not
> get it or do it wrong :-P . Continue to seek information and if I find
> something to contribute, send him to the list.

You should also look into the htable module for account/ password brute force 
detection. If you want to implement something w/r to the origination country 
of certain traffic, there is the geoip module which can provide you this 
informations, wich you could also combine with the modules already discussed.
 
>  Can you think of some way more secure proxy (mainly user accounts)? Do
> some basic safety tips to take into consideration? Any guidance? My advice
> to avoid trying to schedule something with 100 lines of code when I can do
> with 5 lines? Does this indicate that I intend to do not I make it :-P ?.
> What I said, I will try paper on the subject and if I can find information
> on something (though it may seem a bad code :-( ), which publishes. Thanks
> ;-)

With regards to user accounts, one thing you probably want to look at is 
password security and fraud or misuse detection logic. Smart attackers will 
find ways around your proactive measures, and you need to respond actively, 
like blocking users after you detected something malicious.

Best regards,

Henning

More information about the sr-users mailing list