David Farrell
2013-Mar-28 14:28 UTC
[Icecast] Protect Icecast Admin/Run on different port?
Hi list, We're new to Icecast and we're looking at securing the admin functions. I've trawled the docs but it's not clear to me if we are able to run this on a different TCP port to the streams themselves. Has anyone with a little more experience any insight into this? Thanks, David.
Philipp Schafft
2013-Apr-03 01:19 UTC
[Icecast] Protect Icecast Admin/Run on different port?
reflum, On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote:> Hi list, > > We're new to Icecast and we're looking at securing the admin functions. > I've trawled the docs but it's not clear to me if we are able to run > this on a different TCP port to the streams themselves. > > Has anyone with a little more experience any insight into this?You can not run the admin interface on a diffrent port. I also don't see how that should improve security. Which kind of attac do you try to protect against? Maybe I can help you if you tell a bit more about your overall goal. In general: Use strong passwords. Avoid sending them in plain text. Hope this answer helped you a bit already. -- Philipp. (Rah of PH2) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 482 bytes Desc: This is a digitally signed message part Url : http://lists.xiph.org/pipermail/icecast/attachments/20130403/31f7952c/attachment.pgp
David Farrell
2013-Apr-03 07:07 UTC
[Icecast] Protect Icecast Admin/Run on different port?
On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:> reflum, > > On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote: > > Hi list, > > > > We're new to Icecast and we're looking at securing the admin functions. > > I've trawled the docs but it's not clear to me if we are able to run > > this on a different TCP port to the streams themselves. > > > > Has anyone with a little more experience any insight into this? > > Hi Philipp,Thanks for your reply.> You can not run the admin interface on a diffrent port. > I also don't see how that should improve security. > > We would not expose the administrative port to the world, rather to arange of trusted IP addresses.> Which kind of attac do you try to protect against? Maybe I can help you > if you tell a bit more about your overall goal. > > The goal is just really to restrict administrative access to the systems.> In general: Use strong passwords. Avoid sending them in plain text. >That is a given, I have yet to investigate what external AAA resources we can use in this case e.g. RADIUS, LDAP. David. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/icecast/attachments/20130403/ab8490b6/attachment-0001.htm
David Farrell
2013-Apr-03 07:08 UTC
[Icecast] Protect Icecast Admin/Run on different port?
On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:> reflum, > > On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote: > > Hi list, > > > > We're new to Icecast and we're looking at securing the admin functions. > > I've trawled the docs but it's not clear to me if we are able to run > > this on a different TCP port to the streams themselves. > > > > Has anyone with a little more experience any insight into this? > > Hi Philipp,Thanks for your reply.> You can not run the admin interface on a diffrent port. > I also don't see how that should improve security. > > We would not expose the administrative port to the world, rather to arange of trusted IP addresses.> Which kind of attac do you try to protect against? Maybe I can help you > if you tell a bit more about your overall goal. > > The goal is just really to restrict administrative access to the systems.> In general: Use strong passwords. Avoid sending them in plain text. >That is a given, I have yet to investigate what external AAA resources we can use in this case e.g. RADIUS, LDAP. David. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/icecast/attachments/20130403/a4a9927e/attachment.htm
David Farrell
2013-Apr-03 07:08 UTC
[Icecast] Protect Icecast Admin/Run on different port?
On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:> reflum, > > On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote: > > Hi list, > > > > We're new to Icecast and we're looking at securing the admin functions. > > I've trawled the docs but it's not clear to me if we are able to run > > this on a different TCP port to the streams themselves. > > > > Has anyone with a little more experience any insight into this? > > Hi Philipp,Thanks for your reply.> You can not run the admin interface on a diffrent port. > I also don't see how that should improve security. > > We would not expose the administrative port to the world, rather to arange of trusted IP addresses.> Which kind of attac do you try to protect against? Maybe I can help you > if you tell a bit more about your overall goal. > > The goal is just really to restrict administrative access to the systems.> In general: Use strong passwords. Avoid sending them in plain text. >That is a given, I have yet to investigate what external AAA resources we can use in this case e.g. RADIUS, LDAP. David. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/icecast/attachments/20130403/8f3a04d3/attachment.htm