[K12OSN] port blocking
Nils Breunese
nils at breun.nl
Fri Apr 11 07:12:36 UTC 2008
James P. Kinney III wrote:
> On Thu, 2008-04-10 at 08:57 +0200, Nils Breunese wrote:
>> James P. Kinney III wrote:
>>
>>
>>> 1. Remove the NIC from the windows machines will stop the problem.
>>> (isn't w2k EOL'ed now? No more security fixes?)
>>
>> K12LTSP5 has reached EOL as well.
>
> True. But it at least _started_ from a sound security footing :)
>
> Actually, as long as a K12LTSP5 server does NOT have a directly
> connected outward facing NIC, it is possible to use it's built in
> firewall (iptables) to create a very secure system. The security
> risk is
> from the client facing side anyway. The only real danger is user
> elevation to root security holes. There is no reason to run other
> outward facing services on a K12LTSP server other than ssh.
I hear people are running webservers with Moodle and stuff like that
on K12LTSP all the time. Of course there are reasons to run other
outward facing services. Yeah, you could also run stuff like that on
another box, but maybe you don't have one.
Nils Breunese.
More information about the K12OSN
mailing list