[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Safety of Allowing Access from Internet



Currently, I'm not open to the internet. I'm open to the county network. The problem will be convincing them to give me an IP address that's visible
from outside the county network. Some network services don't work generally because everything that goes out has to go through a proxy server.


See, your last comment is exactly the reason why the county IT people don't want to give anybody access from the outside. They're so afraid something
bad might happen that they don't want to take a chance. I can understand that on one level, but on another level, if you're so busy avoiding something bad that you prevent something good from happening (like letting my students work from home...I'm at school every day until about 4:00 and most days at least one kid is there with me), then the cyber-terrorists have won.


Todd

On Friday, December 6, 2002, at 01:17 PM, Steve Wright wrote:

Todd O'Bryan wrote:



So... I would recommend against putting a K12LTSP server on the
internet. Instead, put it behind a firewall, and forward port 22 (ssh)
from the FW to the LTSP box.



Is there a way to do this when installing? I set up "High" security and only
checked SSH when I installed K12LTSP on my server. Are there extra
steps to create a firewall, or did that do so?


that is all, with regards to the firewall.

With ssh open to the Internet, you should expect that crackers will regularly attempt to break it - trust me on this.

now you must ;

1.) Make *certain* that your sshd is the very latest one possible (for your distro) - certainly apply any updates

2.) Make *certain* up2date is registered with RedHat, and you are recieving updates automatically. (allow *outgoing* connects on this port *only*)


and then you can *mostly* relax ! 8-)



DISCLAIMER: There will be something you, and I, will have missed out.. and you still might get bitten.. 8-}



regards, Steve




_______________________________________________ K12OSN mailing list K12OSN redhat com https://listman.redhat.com/mailman/listinfo/k12osn For more info see <http://www.k12os.org>





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]