[squid-users] Secure Squid authentication

Ing. Pedro Pablo Delgado Martell ppmartell at eleka.co.cu
Thu Dec 14 13:52:08 UTC 2017


The place I was working before this one was a center with several Wi-Fi 
hotspots. I didn't designed the structure of the network nor had the 
privileges to change core functionalities on the network. Squid was 
running as a web proxy server receiving all the traffic coming from the 
Wi-Fi hotspots to the internet. When I started working there I was asked 
to do a assessment job and I realized that authentication between user 
and squid was non-secure (*plaintext*). This is a critical secure breach 
because with a network scanner as wireshark you could easily get users 
password. On a totally wired network this could be harder to achive but 
on Wi-Fi hotspots you could get all the data running your device in 
monitor mode. My question is:

- ¿Is there any how to tutorial about implementing SSL authentication on 
squid? I guess this already has been done so a link should be enough in 
order to save you guys some time.

- Second and less important, even off-topic. Putting squid out of the 
ecuation, is there another way to secure the data being transmitted 
between user device and Wi-Fi hotspot?

Thanks in advance!



More information about the squid-users mailing list