Icecast - Mar 2013 - Protect Icecast Admin/Run on different port?

Hi list,

We're new to Icecast and we're looking at securing the admin functions. 
I've trawled the docs but it's not clear to me if we are able to run 
this on a different TCP port to the streams themselves.

Has anyone with a little more experience any insight into this?

Thanks,

David.

reflum,

On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote:
> Hi list,
> 
> We're new to Icecast and we're looking at securing the admin
functions.
> I've trawled the docs but it's not clear to me if we are able to
run
> this on a different TCP port to the streams themselves.
> 
> Has anyone with a little more experience any insight into this?
You can not run the admin interface on a diffrent port.
I also don't see how that should improve security.

Which kind of attac do you try to protect against? Maybe I can help you
if you tell a bit more about your overall goal.

In general: Use strong passwords. Avoid sending them in plain text.

Hope this answer helped you a bit already.

-- 
Philipp.
 (Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url :
http://lists.xiph.org/pipermail/icecast/attachments/20130403/31f7952c/attachment.pgp

On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:
> reflum,
>
> On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote:
> > Hi list,
> >
> > We're new to Icecast and we're looking at securing the admin
functions.
> > I've trawled the docs but it's not clear to me if we are able
to run
> > this on a different TCP port to the streams themselves.
> >
> > Has anyone with a little more experience any insight into this?
>
> Hi Philipp,
Thanks for your reply.

> You can not run the admin interface on a diffrent port.
> I also don't see how that should improve security.
>
> We would not expose the administrative port to the world, rather to a
range of trusted IP addresses.

> Which kind of attac do you try to protect against? Maybe I can help you
> if you tell a bit more about your overall goal.
>
> The goal is just really to restrict administrative access to the systems.
> In general: Use strong passwords. Avoid sending them in plain text.
>
That is a given, I have yet to investigate what external AAA resources we
can use in this case e.g. RADIUS, LDAP.

David.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.xiph.org/pipermail/icecast/attachments/20130403/ab8490b6/attachment-0001.htm

On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:
> reflum,
>
> On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote:
> > Hi list,
> >
> > We're new to Icecast and we're looking at securing the admin
functions.
> > I've trawled the docs but it's not clear to me if we are able
to run
> > this on a different TCP port to the streams themselves.
> >
> > Has anyone with a little more experience any insight into this?
>
> Hi Philipp,
Thanks for your reply.

> You can not run the admin interface on a diffrent port.
> I also don't see how that should improve security.
>
> We would not expose the administrative port to the world, rather to a
range of trusted IP addresses.

> Which kind of attac do you try to protect against? Maybe I can help you
> if you tell a bit more about your overall goal.
>
> The goal is just really to restrict administrative access to the systems.
> In general: Use strong passwords. Avoid sending them in plain text.
>
That is a given, I have yet to investigate what external AAA resources we
can use in this case e.g. RADIUS, LDAP.

David.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.xiph.org/pipermail/icecast/attachments/20130403/a4a9927e/attachment.htm

On 3 April 2013 02:19, Philipp Schafft <lion at lion.leolix.org> wrote:
> reflum,
>
> On Thu, 2013-03-28 at 14:28 +0000, David Farrell wrote:
> > Hi list,
> >
> > We're new to Icecast and we're looking at securing the admin
functions.
> > I've trawled the docs but it's not clear to me if we are able
to run
> > this on a different TCP port to the streams themselves.
> >
> > Has anyone with a little more experience any insight into this?
>
> Hi Philipp,
Thanks for your reply.

> You can not run the admin interface on a diffrent port.
> I also don't see how that should improve security.
>
> We would not expose the administrative port to the world, rather to a
range of trusted IP addresses.

> Which kind of attac do you try to protect against? Maybe I can help you
> if you tell a bit more about your overall goal.
>
> The goal is just really to restrict administrative access to the systems.
> In general: Use strong passwords. Avoid sending them in plain text.
>
That is a given, I have yet to investigate what external AAA resources we
can use in this case e.g. RADIUS, LDAP.

David.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.xiph.org/pipermail/icecast/attachments/20130403/8f3a04d3/attachment.htm