The UK Home Automation Archive


The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024



RE: Re: Shuttle & via epia... now firewalls


  • To: <ukha_d@xxxxxxx>
  • Subject: RE: Re: Shuttle & via epia... now firewalls
  • From: "Mark Harrison" <Mark.Harrison@xxxxxxx>
  • Date: Fri, 12 Jul 2002 09:37:22 +0100
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx

Paul,
 
Personally, I would use another firewall between the SME server and your Internet link, rather than relying on the one in SME server. This firewall could happily run on a P-90 with 32Mb RAM, so hopefully should cost nothing. The Linux "turnkey" firewalls, of which personally I consider IPCop the best, are really "plug and play" these days, and very straightforward to install.
 
You then allow access through port 80, mapped onto the Andromeda port.
 
The SME server then is able to be a server, and can allow the access to the files over NBT (the system used by Microsoft "shares") without getting worried about the security implications.
 
Running the SME server alone has two downsides:
 
1: The inherent problems of running other services on firewalls, long discussed
 
2: The fact that it's Microsoft - no this is not a Bill-bashing thing. The problem is that MS is too attractive a target, and there is a lot of hacker activity involved in finding new loopholes. As a result of that, it's pretty much a full-time job making sure you find, download and install every security patch MS launch. Worse than that, security patches aren't regression-tested, so installing one might stuff up something else (that's equally true for non-MS products, of course!) Service Packs ARE regression tested, but waiting till a patch is included in the next security patch can be too late.
 
 
 
However, as Tony says, it's all about acceptable risk. If the only data is your MP3s, and your photos (and none of the photos are things you would mind being distributed!), AND you are backing up your data directories, then it's probably OK. "OK" in the sense of, you may be prepared to accept the risk that some ne'er do well would steal and then trash your data.

In my case, I keep the accounts for my property business on the LAN, and I _am_ concerned about them getting out :-) Hence I adopt a more paranoid approach.
 
 
 
Mark
 
 
-----Original Message-----
From: Paul Watkin [mailto:paul_watkin@xxxxxxx]
Sent: 11 July 2002 23:41
To: ukha_d@xxxxxxx
Subject: Re: [ukha_d] Re: Shuttle & via epia... now firewalls

Mark,
 
Following suggestions from the group I am trying to get to grips with SME server. This has the ability to act as a firewall/gateway webserver and also network server, which is how I intend using it.
 
From what you and others have stated in this thread this seems a very bad idea :-(
 
Can anyone on the list tell me if it is possible (and how I do it!!) to have my MP3 collection and my photo album in an IBay on the SME server and have them accessible from my website (using Andromeda) as well as to my internal network as files (for audiotron winamp etc) without compromising the firewall??
 
Many thanks
 
Paul
----- Original Message -----
Sent: Thursday, July 11, 2002 8:39 PM
Subject: [ukha_d] Re: Shuttle & via epia... now firewalls

> >See Mark Harrison's post on what a firewall *should* look like.
> >_that_ is doing the job properly. Your £15 pc is not.
>
> Oh contraire, my £15 Linux based IPCop does a sparkling job...

Well, even Tony seems to accept that I know what I'm talking about
when it comes to Internet security :-)

Lee - I completely agree with you that IPCop is a very appropriate
security system for protecting a domestic network. The base data used
to calculate the complex bits of my tax returns is on my , and I'm
far more concerned about THAT being compromised than

Lee - I further agree with you that running additional services on it
does indeed compromise the security provided by exposing the kinds of
faults you describe.

Tony - I agree with you that a Via is an expensive overkill for a
domestic firewall. However, I don't think that the right answer is to
install other services on it. I'm sorry, but I have to say that doing
so creates security holes.

Regards,

Mark


For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe:  ukha_d-subscribe@xxxxxxx
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
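
The layout described in the top message (only port 80 forwarded to the Andromeda port, NBT file sharing kept on the LAN side) can be checked against a perimeter firewall's forwarding rules. This is an added example, not part of the original thread or of IPCop: it assumes the rules are available in iptables-save form, and the interface name eth1, the address 192.168.1.2 and the Andromeda port 8080 are placeholders.

```python
import shlex

ALLOWED_WAN_PORTS = {80}            # the only port the message lets through
# NBT name/datagram/session services; 445 (direct-hosted SMB) is added here.
SHARE_PORTS = {137, 138, 139, 445}

def port_set(spec):
    """'80' -> {80}; '137:139' or '137-139' -> {137, 138, 139}."""
    lo, _, hi = spec.replace("-", ":").partition(":")
    return set(range(int(lo), int(hi or lo) + 1))

def parse_forwards(rules_text, wan_if):
    """Yield (external_ports, host, internal_ports) for each DNAT rule on wan_if."""
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        opt = dict(zip(tok, tok[1:]))   # each option -> the token after it
        if opt.get("-i") != wan_if:
            continue
        ext = port_set(opt.get("--dport", "1:65535"))   # no --dport: every port
        host, _, port = opt["--to-destination"].partition(":")
        yield ext, host, (port_set(port) if port else ext)

def audit(rules_text, wan_if, server_ip, andromeda_port):
    """Return a list of (kind, detail) findings; empty means the layout holds."""
    findings = []
    for ext, host, internal in parse_forwards(rules_text, wan_if):
        where = f"{sorted(ext)[0]}..{sorted(ext)[-1]} -> {host}"
        if (ext | internal) & SHARE_PORTS:
            findings.append(("share-exposed", where))
        elif ext - ALLOWED_WAN_PORTS:
            findings.append(("unexpected-forward", where))
        elif (host, internal) != (server_ip, {andromeda_port}):
            findings.append(("wrong-target", where))
    return findings

# Constructed sample in iptables-save form; eth1 = Internet side (assumed).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:8080
-A PREROUTING -i eth1 -p tcp -m tcp --dport 139 -j DNAT --to-destination 192.168.1.2:139
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3128 -j DNAT --to-destination 192.168.1.1:3128
COMMIT
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE, "eth1", "192.168.1.2", 8080):
        print(kind, detail)
```

A rule with no `--dport` is treated as forwarding every port and is reported as exposing the shares.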
