When webmin is running, it is bound to port 10000 since webmin uses its own 128bit certificate for encryption, its very safe, no passwords get passed in clear txt and its rather difficult to run a brute force password script on a web based admin program. if your passwords are up to the task, you will be fine.. (all my passwords are at least 11 characters long and contains small chars, CAPS chars, numbers4321 and symboles!@@#@!!
Since I started using no non non encrypted services, started using long passwords for stuff.. (in fact, usernames that need to be there and have a log in, but don't log in as a person (ie having to type in a password), have passwords up to 50 characters long, I type them in a txt editor, usually they are complete giberish and cut and paste them into the passwd screen) I have never been compromised. so Webmin will fine if used hand in hand with a decent password policy.. rgds Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, 19 November 2001 5:08 PM To: [EMAIL PROTECTED] Subject: [expert] Webmin Hi All, How secure is webmin, I know that is uses a https server, but I need to administer a machine remotely. The MDK 8 box has bastille loaded and currently all ports except ssh, are bolted down. How safe would it be for me to allow the port 10000 for webmin. Is this good or is there some real threats associated with this. Webmin is already installed and is used accross the SOHO network...it's just an issue of opening the WEB side access. TIA Dave. ----------------------------------------------------------------- This message was sent via the web interface to Sniff Out's POP3 Email - http://www.sniffout.net/
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
