Re: [hylafax-users] Hylafax Server on the Internet

[Aidan Van Dyk <aidan@xxxxxxxx>]

* hflist@xxxxxxxxxxxx <hflist@xxxxxxxxxxxx> [071106 08:44]:
> Hello, i have a customer working with an headquartet where is situateed an
> Hylafax Server.
> 
> He has got 10 remote offices connected with the Internet with dynamic
> address, and there is no VPN connection beetwen the headquartet and the
> remote branches.
> 
> Remote branches would like to use WHFC on Windows Clients in order to send
> fax; do you think it is safe to publish hylafax ports on the Internet with
> no Firewall filtering (remote branches has dynamic IP, i cannot filter)?
> 
> Is Hylafax authentication enough sure and Hylafax Server with WHFC can
> work over NAT protocol?
> 
> Thank you in advance for your interest, regards!


HylaFAX uses clear-text user/password authentication, similar to FTP.
There are no *known* issues that allow un-authorized clients to access
or compromize the underlying system.  

If you're comfortable with that, go ahead...  I know most people
wouldn't be comfortable sending their passwords in the clear, or leaving
the system "open" for people to try every password possible...

Basic security is simple enough that the risks of no security are just
not worth it.   If you're the easiest target around, you'll be the first
one hit.

I mean, VPNs are easy enough that it's just not worth the risk.  There
are many of VPN solutions.  An easy one - put openvpn server on your
HylaFAX server, and stick openvpn on every client that needs to talk to
it.



-- 
Aidan Van Dyk                                             aidan@xxxxxxxx
Senior Software Developer                          +1 215 825-8700 x8103
iFAX Solutions, Inc.                                http://www.ifax.com/

Attachment: signature.asc
Description: Digital signature