[ale] caldera w/ nt behind

Greg runman at telocity.com
Sun Oct 28 00:20:13 EDT 2001


	I guess the first thing I see is: where is your security?  If you don't
have a firewall set up I would suggest starting there.  A firewall (a proper
one) is a box that has nothing on it but firewall - no servers, no daemons
or "services" or other stuff.. less is better.  The firewall should screen
the dmz and any private networks from the Internet.   It can have 3 cards -
one to the dmz and another to the private network and another to the
internet.

	Your web server should run on a DMZ or "private network".  The reason for
my concern is if your webserver is compromised, then they are on your
private network it looks like to me.

	RAS is a M$ technology that allows a dial-up user to enter the network (M$
of course) and be treated the same as a client on your network.  If you
wanted to merely transfer files then I would suggest using ssh on the linux
box for a secure solution and a windows comparable program (PuTTY ??) or
scp(?) - telnet is ok, but it sends everything in the clear.  I have been
warned away from the telnet that comes on nt machines and was advised to
download a telnet program from www.tucows.com.  I cannot remember the name
at present.

	At home and at work on secured machines I just use ftp / browser since all
of my dev boxes are web servers and they all have browsers.  I would stay
away from nfs.... and samba...  both have bad reputations for being insecure
in their native state but can be secured with work.

	To sum it up.
1.	Get some security.  Smoothwall is great and runs on old (468) boxes that
will allow your web server to run on a dmz and the rest of your network to
run on a secured private lan.  Takes about 30 minutes to do... but YMMV.  See
www.smoothwall.org.  Or build one w/ OpenBSD/Linux/whatever (*NOT* NT) with
IPTables etc.

2.	Use some secure form of allowing outsiders to dial up and get into your
boxes - ssh I would suggest.

I hope that this helps.

Greg Canter

> -----Original Message-----
> From: rob hoppe [mailto:hoppe at mindspring.com]
> Sent: Saturday, October 27, 2001 11:25 PM
> To: Greg
> Cc: ale at ale.org
> Subject: Re: [ale] caldera w/ nt behind
>
>
> Greg wrote:
>
> > I am sorry, but I don't understand.  You have a linux web server running
> > Caldera (yes ? no ? )... and where is the nt box ?  outside of
> the network ?
> > inside ?
> >
> > more info please
> >
> > greg canter
> >
> > > -----Original Message-----
> > > From: rob hoppe [mailto:hoppe at mindspring.com]
> > > Sent: Saturday, October 27, 2001 10:45 AM
> > > To: ale at ale.org
> > > Subject: [ale] caldera w/ nt behind
> > >
>
> NT is behind the linux box on a sub and second card in the linux box.
>
> internet----linux------nt
>
>
> --
> _/_/_/_/_/_/_/_/_/_/_/_/
> _/  Rob Hoppe  (Atlanta)
> _/  770-995-5099
> _/  770-560-1050 cell
> _/  154*32*21121 Nextel Radio
> _/  770-338-5885 fax
> _/  253-276-8905 efax
> _/_/_/_/_/_/_/_/_/_/_/_/
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
>
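
A sketch of the three-card firewall layout recommended in the message above (Internet, DMZ, private network), added here as an example and not part of the original thread. It only prints iptables rules; the interface names, addresses and function names are assumptions, and the DMZ web server is assumed to have a routable address.

```shell
#!/bin/sh
# Added example: print (do not apply) an iptables ruleset for a firewall
# with three cards. All names and addresses below are constructed.

# gen_rules WAN_IF DMZ_IF LAN_IF WEB_IP LAN_NET
gen_rules() {
    wan=$1 dmz=$2 lan=$3 web=$4 lan_net=$5
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $dmz -d $web -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $lan -o $dmz -d $web -p tcp -m multiport --dports 22,80 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
EOF
}
# Nothing accepts NEW connections that start in the DMZ, so a compromised
# web server cannot open connections into the private network (or anywhere).
# The only service on the firewall itself is ssh, reachable from the LAN.

# forward_accepts IN_IF OUT_IF
# Count FORWARD rules that accept NEW connections from IN_IF to OUT_IF.
forward_accepts() {
    gen_rules eth0 eth1 eth2 192.0.2.10 192.168.1.0/24 |
        grep -c -e "-A FORWARD -i $1 -o $2 .*--ctstate NEW -j ACCEPT" || true
}

# Print the ruleset for review: eth0 = Internet, eth1 = DMZ, eth2 = LAN.
gen_rules eth0 eth1 eth2 192.0.2.10 192.168.1.0/24
echo "# NEW flows allowed DMZ -> LAN: $(forward_accepts eth1 eth2)"
```

Review the printed rules before piping them to a root shell; the web server gets no outbound access here, so DNS or update traffic from the DMZ would need its own explicit rules.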

