  1. #1
    Member
    Join Date: Apr 2010
    Posts: 5

    Security features to negate desire for separate port for root login

    It would be a great security benefit if we could lock out root access to any IP address but our own LAN. Unfortunately the WHM needs to be accessible on port 2086 & 2087 to everyone including root, which in our minds is a security issue. I imagine a couple if statements in your authentication module tracking what port the user is accessing and whether or not they are trying the root account would be a simple framework for building this feature.

    Thanks,

    Somecallmemike

  2. #2
    cPanelDavidG (Technical Product Specialist)
    Join Date: Nov 2006
    Location: Houston, TX
    Posts: 11,189
    cPanel/Enkompass Access Level: Root Administrator

    Quote, originally posted by somecallmemike:

        It would be a great security benefit if we could lock out root access to any IP address but our own LAN. Unfortunately the WHM needs to be accessible on port 2086 & 2087 to everyone including root, which in our minds is a security issue. I imagine a couple if statements in your authentication module tracking what port the user is accessing and whether or not they are trying the root account would be a simple framework for building this feature.

        Thanks,

        Somecallmemike

    In the next version of cPanel/WHM (11.25.1) we will be introducing functionality we call Security Policy. Part of this is the ability to enable IP validation for logins. This means that if someone attempts to login to root from an unusual IP range (e.g. if you always login via your LAN, now someone is trying to login as root from outside your LAN), they will be prompted to answer several security questions you set up ahead of time. They will need to answer the questions correctly before logging in. These questions are only asked when someone attempts to login to an account (e.g. root) from a range that is not normal for that account to be logging in from.

    Now, let's say you needed to login to your box while at HostingCon (where cPanel will be exhibiting, BTW). You can go through this process of answering the security questions, then when you're back at your desk at work, remove that IP address you logged in from while at HostingCon.

    If I understand your specific situation correctly, this functionality will meet your needs. If so, let me know so I can merge this thread with our existing thread for Security Policy so you can receive updates regarding its implementation. A progress bar summarizing progress of this feature's implementation is available at:

    Software Releases - cPanel Inc.
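
The IP validation flow described in the post above, modelled as an added example (not cPanel's code and not part of the original thread). The class and function names, the sample questions and the documentation-range addresses are hypothetical; remembering an address after a correct answer is inferred from the post's remark about removing it later, and failing closed for accounts without a policy is an assumption.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field

ALLOW, CHALLENGE, DENY = "allow", "challenge", "deny"

@dataclass
class AccountPolicy:  # hypothetical structure, not cPanel's data model
    trusted: set = field(default_factory=set)       # networks the account normally uses
    questions: dict = field(default_factory=dict)   # question -> answer (hash these in practice)

class IPValidation:
    def __init__(self):
        self.accounts = {}

    def enroll(self, user, networks, questions):
        nets = {ipaddress.ip_network(n) for n in networks}
        self.accounts[user] = AccountPolicy(nets, dict(questions))

    def check(self, user, source_ip):
        """Runs after the password check; decides whether more proof is needed."""
        policy = self.accounts.get(user)
        if policy is None:
            return DENY  # assumption: fail closed for accounts with no policy
        ip = ipaddress.ip_address(source_ip)
        if any(ip in net for net in policy.trusted):
            return ALLOW
        # Unusual range: ask the pre-set questions; with none configured, fail closed.
        return CHALLENGE if policy.questions else DENY

    def answer_challenge(self, user, source_ip, answers):
        policy = self.accounts[user]
        ok = True
        for question, expected in policy.questions.items():
            given = answers.get(question, "").strip().lower().encode()
            # Constant-time compare; check every answer even after a miss.
            ok &= hmac.compare_digest(given, expected.strip().lower().encode())
        if ok:
            # Remember only this single address (/32 or /128), not its whole range.
            policy.trusted.add(ipaddress.ip_network(source_ip))
        return ALLOW if ok else DENY

    def revoke(self, user, network):
        """Remove a remembered address, e.g. after returning from travel."""
        self.accounts[user].trusted.discard(ipaddress.ip_network(network))

def demo():
    v = IPValidation()
    v.enroll("root", ["192.168.1.0/24"], {"First pet?": "Rex"})  # constructed data
    return [v.check("root", "192.168.1.50"), v.check("root", "203.0.113.7")]
```

A login from the LAN range is allowed outright, while the same account from any other address gets the challenge; `revoke` is the cleanup step for an address that was only needed temporarily.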

  3. #3
    Infopro (cPanel Product Evangelist)
    Join Date: May 2003
    Location: Pennsylvania
    Posts: 7,892
    cPanel/Enkompass Access Level: Root Administrator

    Important cPanel/WHM Version Number Designation Change

    Please Note: Important cPanel/WHM Version Number Designation Change

    As of July 28, 2010 the cPanel/WHM version number designations have been officially changed.

    Version 11.25.1 is now designated 11.28 and version 11.25.2 is now designated 11.30.

    These new changes were explained in some detail recently at the July 2010 - Quarterly Road map - Webinar direct from cPanel's PodCast Studio in Houston, Texas with speakers David Grega and Mario Rodriguez.

    An official press release about these changes is forthcoming and can be accessed at this link as soon as it's made available to the Forum Team:
    Important cPanel/WHM Version Number Designation Change (To be updated)

    This post serves to update users who are subscribed to threads (where this message is posted) looking forward to upcoming enhancements in future versions of cPanel.

  4. #4
    cPanelDavidG (Technical Product Specialist)
    Join Date: Nov 2006
    Location: Houston, TX
    Posts: 11,189
    cPanel/Enkompass Access Level: Root Administrator

    re: Security features to negate desire for separate port for root login

    Quote, originally posted by cPanelDavidG:

        In the next version of cPanel/WHM (11.25.1) we will be introducing functionality we call Security Policy. Part of this is the ability to enable IP validation for logins. This means that if someone attempts to login to root from an unusual IP range (e.g. if you always login via your LAN, now someone is trying to login as root from outside your LAN), they will be prompted to answer several security questions you set up ahead of time. They will need to answer the questions correctly before logging in. These questions are only asked when someone attempts to login to an account (e.g. root) from a range that is not normal for that account to be logging in from.

        Now, let's say you needed to login to your box while at HostingCon (where cPanel will be exhibiting, BTW). You can go through this process of answering the security questions, then when you're back at your desk at work, remove that IP address you logged in from while at HostingCon.

        If I understand your specific situation correctly, this functionality will meet your needs. If so, let me know so I can merge this thread with our existing thread for Security Policy so you can receive updates regarding its implementation. A progress bar summarizing progress of this feature's implementation is available at:

        Software Releases - cPanel Inc.

    This functionality is now propagating with version 11.28.

  5. #5
    cPanelDavidG (Technical Product Specialist)
    Join Date: Nov 2006
    Location: Houston, TX
    Posts: 11,189
    cPanel/Enkompass Access Level: Root Administrator

    Re: Security features to negate desire for separate port for root login

    This functionality is now available in all update tiers of cPanel&WHM. I am now closing and archiving this request thread.
