On Fri, Jul 18, 2003 at 11:04:53AM -0700, Cooper Stevenson wrote: > On Fri, 2003-07-18 at 10:17, Cory Petkovsek wrote: > > > Without another firewall, the server itself should be the firewall by > > compiling in netfilter. Netfilter should be here in order to block > > ports that are not allowed open, even if the daemon needs to be running. > > Good point. Alternatively, you may simply use IP tables to do this. Iptables is the interface that configures netfilter, which is the firewalling code in the 2.4 kernels. No netfilter, no iptables.
> > Accessing a samba share across the internet is not secure. Since you > > mention it may not be behind a firewall, this means samba is available > > to the internet. > > [snip] > > I am sorry, but this is not correct. The clients accessing the share > through IMAP. I have a server like this running that allows only IMAP, > SMTP, and HTTP through. Everything happens through port 143. What is not correct? Are you refuting that accessing a samba share across the internet is insecure? Or are you saying my interpretation of your setup is not correct. You had said the system may be one system and it may not have a firewall. Logic leads us to believe that samba would be on a machine plugged directly in to the internet. Without a firewall, this is not secure. Without a firewall, how can you require all communications to occur through port 143? Also port 143 is for imap without ssl, which means plain text passwords having access to not only an imap server but also a file server through imap and is even less secure with greater liability than using samba. Cory -- Cory Petkovsek Adapting Information Adaptable IT Consulting Technology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
