[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] News Server



On Wed, 06 Nov 2002 08:22:05 +1300, you wrote:

> Henning Petersen Wangerin wrote:
> 
> >On Tue, 5 Nov 2002 08:14:36 -0600, you wrote:
> >
> >>Why not use a bulletin board that is strictly internal?  If not internal
> >>than put it up on Binkster or some other free server? I'm like you, I don't
> >>think that I could be comfortable bring in a news server to our district.
> >>
> >
> >Why not? 
> >There is no need at all to make the news-server peer to usenet.
> >
> 
> Absolutely.  If you utterly firewall the news server *in* there is 
> limited risk.  

Sure your firewall should block from outside, but if you want to do
anything you block both ways.

> Standard security policy is to disable non-essential 
> services, particularly when they are difficult or convoluted to protect. 
>  News: just like NFS is difficult to protect - so you firewall it in - 
> end of story.

Yeah, but if, as you say your self, your firewall block port 119 (in
and out) your server is still not able to get anything - alt least not
more than the user himself is able to get from the net.

> Even with these services protected - you still have client software 
> running, with exceeedingly hazardous (to your career) material on the 
> other side of your firewall.  How will you guarantee the firewall 
> remains secure ?  How will you check if kids are attempting to get 
> through it ?  Do you watch the firewall logs for attempts at port 119 ? 
>   You must be able to detect a covert team of hax0rs on your network, 
> because sooner-or-later there will be one.

Sure, but do you considder a php script running as a bbs-style
web-service more secure than eg INN?

I cann't tell witch one is the most secure, and I double there are
many that will garantee you anything like that.

> >It's my plan to combine it in my company using a news-server to
> >maintain archives of a number of mailinglists. But for those who don't
> >wanting news-access or prefering a bbs-style access they access the
> >news-server via a web-page.
> >
> 
> Fine.  but at a school, you had better have it correct - the first 
> time.. or there will be headlines in the papers and it will have your 
> name on it.

I totally agree, but I don't see how a general solution as a bbs-board
contra a news-server make any diffence on your security.

> Web services are a necessary evil, but we have a good tool for 
> protecting that.  

Yeah more or (I'd say) less. 

> Also, it's relatively difficult to get "good quality" 
> pr0n etc from the web but it is utterly trivial to get it from the 
> newsgroups, and lots of it.

If you want it, there is no problem getting it, I'm sure - and the
kids wanting it, surely knows where to get it - despite your filters. 

But as long as you don't let the big usenet come in, I really don't se
the problem in the porn on usenet. The kids will not have better or
worse access to that if, or if not you run a _local_ non-peering
news-server.

> be careful out there..

Thanx - and you (and everybody else) too


-- 
Venlig hilsen / Best regards
	Henning

 _H_P_C_o_n_s_u_l_t_    http://www.hpc.dk
 Skoletoften 9, Blans   http://www.turnsys.dk
 DK - 6400 Soenderborg





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]