[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] News Server



Henning Petersen Wangerin wrote:

On Wed, 06 Nov 2002 09:55:40 +1300, you wrote:


Nothing is stronger than the weakest link ;-) But I think we agree.


certainly. 8-)



Sure, but do you considder a php script running as a bbs-style
web-service more secure than eg INN?

I cann't tell witch one is the most secure, and I double there are
many that will garantee you anything like that.

There is a difference ;

If users can hack your PHP script then they can break your web server. Most PHP groupware-type applications are well tested, but if users *do* crack it, they still don't have access to hazardous material.

If they successfully hack your News server - they only need to import one group... no question about it - and your name goes in the paper.. 8-/


Yeah, but what about someone hacking your file-server, and storing images there?


You don't need to hack a K12LTSP system to put images on it - you just put the images on it.




What I'm saying is that a combination of a firewall blocking _all_ port 119 (in _and_ out) and a news server _your_ control would not be more insecure than a php script.

Even if the news-server was hacked, it wouldn't be able to get info
from the outside-world, so what's the problem?


The problem, IMO, that using news *at all* is like playing with gasoline, but taking all precautions to remove ignition sources.. You better hope you got 'em all.


Once the kids are using a news client, some smarty will pipe-up with a remark like "you know you can do this at home ay...." and there's lots more groups out there than this.. Most kids have never heard of usenet.


Why we're taking of a 100% internal server, so the firewall will not
accept external connections - sure if you allow polling from external
servers, you _might_ have a posibility, but as long as it's local, and
your firewall stops 119 where should this "high quality porn" come
from?


Absolutely! no problem! but *IF*, *one day* you have *any* firewall breach, the kids have a tool in their hands that will cause more damage than you want to dream about. I don't think it is necessary - different story if it was a critical service viz HTTP..



[....] For the exercise, my Wife and I spent an hour (at home) digging the web for access to xxx material. We found there was plenty of images that were not appropriate because of the context in which they were portrayed. However, we found near zero material that was high quality porn - everything required a credit card number, or else it was 80x120 pixels in 8 bits or less..

And then we duplicated our test on the newsgroups.. 5 minutes later we had 200+ images ready to download... and rapidly terminated that test...
and permanently blocked nntp in and out.



Sure the newsgroups are widely open, and don't know your filters on www, but there are plenty of sites also free and open on www.


heh heh, most of that material is innapropriate, but pretty standard. Some articles available on usenet you will struggle to remove from your mind for some time..


Still I agree that til porn part of usenet has noting to do in the
schools, but I must admit I can't follow you on your general view on
the nntp as unsecure.


My point is : Why add an additional, non essential service when, if it goes wrong, it will go very, very, wrong. No other internet service fits this category, except perhaps IRC.



There are lots of user-groups running public news-servers more or less open to the public with no problem - as long as they are not peered to the global usenet-network everythink works fine.


As I have said, if you can do it securely, do share. I gave up because of security concerns.



Or maybee we're just facing differences in the point of view between the US and Denmark ;-)


I don't live in the US. And I'm quite sure your commitment to kids internet safety, at least equals mine.



</thread>


/sw






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]