External access with W7
<blockquote data-quote="sjevtic" data-source="post: 852959" data-attributes="member: 118214"><p>Usernames/passwords for Internet-accessible resources (like WebMediaPortal in this case) do little to keep them secure, since the credentials can be readily observed in transit. You could increase security a bit by restricting WebMediaPortal and MPExtended to serve only specific IP addresses with IIS or your firewall, but that does not address the credential privacy issue. Moreover, IP addresses can be readily spoofed by skilled attackers, and the technique quickly becomes inconvenient as your base of clients grows or their IP addresses change. While using SSL can provide comprehensive security, it requires application support, which is unlikely to be available with all the clients you might use with MPExtended that aren't actually web browsers. So, in a lot of ways, a VPN provides the most effective, convenient, and usable solution.</p><p> </p><p>The biggest issue I've run into with establishing a PPTP connection to a VPN server inside of a firewall on a NAT-ed subnet is correctly setting the firewall rules and performing the correct NAT transformations. Note that in addition to port 1723/TCP, you also need to pass generic route encapsulation (GRE), which is IP protocol 47. Microsoft has a nice discussion of this topic here:</p><p> </p><p><a href="http://technet.microsoft.com/en-us/library/cc737500%28v=ws.10%29.aspx" target="_blank">http://technet.microsoft.com/en-us/library/cc737500(v=ws.10).aspx</a></p><p> </p><p>The article is about Windows Server 2003, but the concepts are still relevant.</p><p> </p><p>Sasha</p></blockquote><p></p>