- This topic has 2 replies, 2 voices, and was last updated 5 days, 17 hours ago by
.
-
Posts
-
Hello,
Quite hard question asked by our CISO…
Is there actually a protocol break between nxhtd & nxwebplayer ?
Sever Direct Connections with a Protocol Break – TDi https://www.tditechnologies.com/2022/02/22/sever-direct-connections-with-a-protocol-break/
“A protocol break severs the direct connection of the user to your endpoints. It works by acting as a man in the middle between the user and the endpoint. Here an IP session terminates completely at the intermediate system and the data from that session is then transferred to a completely different IP session, usually using a different protocol.”
Secure Delivery of a Payload via a Protocol Break https://www.nexor.com/blog/secure-delivery-of-a-payload-via-a-protocol-break
“Rather than allowing a protocol exchange directly between System A and System B, we insert a “Catcher”, often referred to as a proxy (C in the diagram).
To System A, the Catcher looks like it is System B. So System A communicates with the Catcher quite happily.
The Catcher extracts the payload, and passes the payload to another system – the Thrower (T in the diagram).
The Thrower then talks to System B.
As far as System B is concerned it is getting information from System A.”
Does you CGI architecture guarantee such a protocol break ?
How ?
Thanks !
Regards,
Steve.
Are you referring perhaps to a protocol break by separating the web server host from the NoMachine server host? If so, yes this is already possible:
How to configure a NoMachine server to connect web sessions on localhost or on different hosts
https://www.nomachine.comAR06P00984Hello,
“separating the web server host from the NoMachine server host ”
is a good thing but it is not enough for (very) sensitive environments.
“Protocol break” is a network protocol attack protection as described on this NCSC page :
Network protocol attack protection – NCSC.GOV.UK
https://www.ncsc.gov.uk/collection/cross-domain-solutions/using-the-principles/network-protocol-attack-protectionIn our case the risk occurs if a user, from a low security domain, has a remote access to a server in a high level security domain.
We must have strong protection against an attacker who might use the components within NoMachine as a route to compromise the core network.
NCSC :”A protocol break will terminate one transmission path, extract the relevant information, and use this to initiate a new transmission path.”
So the question is : what happens in the black box “nxhtd & nxwebplayer” between the 2 components ?
Is there a network session break ?
Is there a “rewriting” of data or just an “as-is” forwarding ?Please, could you forward these hard questions to a cybersecurity expert in your teams in labs ?
Thanks,
Regards,
Steve.
You must be logged in to reply to this topic. Please login here.