I have been using SME server now for about 6 months and found the product to be very stable and easy to manage. I have not and donnot use the the server connected directly to the Internet. I use another product for the firewall and hide my SME server behind it.
I am sure that the SME server is able to perform the task no problem, and for a small company it is a very good solution, but I don't like placing my company data at the gateway to allow others to attack. Thanks Paul Jose Network Security Analyst -----Original Message----- From: Dave [mailto:[EMAIL PROTECTED]] Sent: Sunday, 28 April 2002 8:08 PM To: Security Basics Subject: Your experiences with e-smith SME Server Hi all, I have recently been evaluating e-smith v 5.1.2 for use in a fairly hostile environment and was wondering if anyone has any real-world experience with this product and any feedback based on these experiences. FWIW the hostile environemnt is the public education system so it is only hostile from the inside. The servers will be placed within a very large WAN and will be configured to upstream all http requests to a well secured clustered cache at head office, so the only concerns come from high school students on the *trusted network* and the only intention is to save bandwidth over the relatively slow WAN links. I haven't found any vulnerabilities except the recent PHP vuln's for which a patch has now been released. Unfortunately the 'powers-that-be' are convinced this product is perfect for them though they only want it as a squid proxy with a web based configuration and management portal and have now considered allowing me to at least turn off the SMB, smtp, webmail, etc. IMHO I would love to see a hardened (or just ipf'ed) OpenBSD box running squid and webmin, but I need a great weight of evidence to encourage changes of mind in this less-than-perfect organistaion. Thanks in advance for any feedback you may have Dave
