[squid-users] Secure Squid authentication
Ing. Pedro Pablo Delgado Martell
ppmartell at eleka.co.cu
Thu Dec 14 13:52:08 UTC 2017
The place I was working before this one was a center with several Wi-Fi
hotspots. I didn't designed the structure of the network nor had the
privileges to change core functionalities on the network. Squid was
running as a web proxy server receiving all the traffic coming from the
Wi-Fi hotspots to the internet. When I started working there I was asked
to do a assessment job and I realized that authentication between user
and squid was non-secure (*plaintext*). This is a critical secure breach
because with a network scanner as wireshark you could easily get users
password. On a totally wired network this could be harder to achive but
on Wi-Fi hotspots you could get all the data running your device in
monitor mode. My question is:
- ¿Is there any how to tutorial about implementing SSL authentication on
squid? I guess this already has been done so a link should be enough in
order to save you guys some time.
- Second and less important, even off-topic. Putting squid out of the
ecuation, is there another way to secure the data being transmitted
between user device and Wi-Fi hotspot?
Thanks in advance!
More information about the squid-users
mailing list