[PLUG] Re: [eug-lug]Spam Filtering With Remote Access

Cooper Stevenson cooper at cooper.stevenson.name
Fri Jul 18 10:39:01 UTC 2003


On Fri, 2003-07-18 at 10:17, Cory Petkovsek wrote:

> Without another firewall, the server itself should be the firewall by
> compiling in netfilter.  Netfilter should be here in order to block
> ports that are not allowed open, even if the daemon needs to be running.

Good point. Alternatively, you may simply use IP tables to do this.

> Accessing a samba share across the internet is not secure.  Since you
> mention it may not be behind a firewall, this means samba is available
> to the internet.

[snip]

I am sorry, but this is not correct. The clients accessing the share
through IMAP. I have a server like this running that allows only IMAP,
SMTP, and HTTP through. Everything happens through port 143.

For added security, install a second NIC pointing to the Intranet and
route the SMB traffic. 

Also please note that all communications are handled via Secure Socket
Layer (SSL).

[snip]

> 
> If you want remote clients to access samba remotely then freeswan

For full blown access, VPN is unquestionably the best way to go. For
small and medium sized business travelers who need to be nimble and for
employees who want a convenient way to access documents from home, I
recommend this approach.  

> This is true, relying on imap/ssl could provide secure remote access
> without a vpn, however only with imap minus ssl disabled

Right. I simply will configure "plain text" communication for my
customers. It's a simple thing to just check the SSL box during the
client's setup.

Best,
-- 
--------------------------------------------------------------
| Cooper Stevenson        | Em: cooper at cooper.stevenson.name |
| Open Source Consultant  | Ph: 541.924.9434                 |
--------------------------------------------------------------






More information about the PLUG mailing list