On 4/20/06, Peter <[EMAIL PROTECTED]> wrote: > > On Thu, 20 Apr 2006 08:25:15 -0500, "Ben Sandee" <[EMAIL PROTECTED]> > said: > > On 4/20/06, Peter <[EMAIL PROTECTED]> wrote: > > > > > > > > > > Finally, the last issue would be security. You would probably want to > > > > investigate some sort of VPN solution between the two networks because > > > > SlimServer really isn't designed to be left open to the internet. There > > > > have been numerous threads about this. > > > > > > VPN is overkill and adds to the latency and complexity. A simple IP > > > address filter in your router or firewall should be just as effective. I > > > believe even slimserver has a way to restrict access to certain ip > > > addresses. > > > > > > Will I would disagree, but YMMV as always. > > > > VPN is certainly not overkill if the OP is at all concerned about > > security > > of anything on either of the networks (not just the music data in > > transit). > > SlimServer could easily be used as a vector for an attack. The only > > thing > > preventing attacks is the relatively low installed base of SlimServer as > > compared to the number of computers on the internet. > > > > IP filters and MAC filters are trivial to bypass and a VPN solution > > doesn't > > Please explain, IMHO IP filters are essentially impossible to bypass > without the attacker having insider access to the internal network of > the target's ISP. A risk I'm sure most of us would be willing to take. > > > add dramatic latency in my experience. Most of the overhead in VPN > > solutions is during the setup phase (similar to SSL). Once running they > > are > > very efficient and very secure. > > I didn't say anything about dramaticality, but they unquestionably add > latency and they sure do add to the complexity, since the VPN links need > to be up all the time for this to work. I try to maintain several VPN > links and I'm sad to say they do have the tendency to go down. > > I maintain that a VPN solution is overkill for allowing an SB in a > remote location to access a slimserver in your home. Running a VPN would > be a good idea for allowing a remote laptop access to the home network. > That's what I use it for all the time. I mostly use a Windows PPTP > tunnel, but the Hamachi P2P VPN is a very nice lightweight alternative. > Useless for an SB, but SoftSqueeze could probably run over it. > > Regards, > Peter
I had to think about this one; I've always considered online security as a "you can't be too paranoid" type issue, but that should be tempered with risk vs. effort. If you don't have a PC at the remote end, of course, there isn't much else you can do. PC requirements aside, presuming that you didn't put any security in place apart from router IP filtering at the both ends, that would still leave you open to whatever exploits your routers expose. For example, there's at least one router I read about a while back that shuts down and requires a hard boot if (a) IP filtering is on and (b) it detects more than a certain number of port scans from unauthorized IPs. Means that you have no music for the rest of the weekend, unless there is someone at home you can call to reset it. I think a far better, and more stable solution, would be to set up a SSH tunnel between the two. This works really well for me streaming from work, although it does mean you need a PC at the remote end. There's plenty of good free software for doing it, for all common platforms, and its flexible enough to deal with most situations. The only thing I haven't tried is forwarding packets to and from a hardware SB; I've always used SoftSqueeze or SqueezeSlave (thanks, Richard!). Has anybody tried this? Cheers Geoff _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/discuss
