[Nottingham] Exposing our internal network

Andy Davidson andy at nosignal.org
Fri Dec 2 11:36:12 GMT 2005

Michael Leuty wrote:
> I should be grateful for your comments on how risky it is to open ports 22 
> and 80, and whether Firestarter provides adequate defence against script 
> kiddies. (I take it for granted that the gurus on this list would be able 
> to break in without working up a sweat.  ;-)

Dropping an OpenVPN (for example) server onto your network perimieter 
might be the cleanest way to handle access to your internal network from 
the outside.  Your internal web applications will not be safe from 
internal bad-pennies of course, though, so if you think you have reason 
to worry that your calendar application is risky, I'd try to get it fixed !

There are stable clients for mac, Linux and Windows, and $dayjob uses it 
extensively - we found it easy to extend the authentication system to do 
convenient logging and reporting in the way that we wanted.


More information about the Nottingham mailing list