[Nottingham] Exposing our internal network
Andy Davidson
andy at nosignal.org
Fri Dec 2 11:36:12 GMT 2005
Michael Leuty wrote:
> I should be grateful for your comments on how risky it is to open ports 22
> and 80, and whether Firestarter provides adequate defence against script
> kiddies. (I take it for granted that the gurus on this list would be able
> to break in without working up a sweat. ;-)
Dropping an OpenVPN (for example) server onto your network perimeter
might be the cleanest way to handle access to your internal network from
the outside. Your internal web applications will not be safe from
internal bad-pennies of course, though, so if you think you have reason
to worry that your calendar application is risky, I'd try to get it fixed!
There are stable clients for Mac, Linux and Windows, and $dayjob uses it
extensively - we found it easy to extend the authentication system to do
convenient logging and reporting in the way that we wanted.
-a