Re: [hylafax-users] Hylafax Server on the Internet

To: hylafax-users@xxxxxxxxxxx
Subject: Re: [hylafax-users] Hylafax Server on the Internet
From: Andres Paglayan <it@xxxxxxxxx>
Cc: hflist@xxxxxxxxxxxx, Aidan Van Dyk <aidan@xxxxxxxx>
Date: Tue, 6 Nov 2007 09:43:18 -0700

On Nov 6, 2007, at 6:52 AM, Aidan Van Dyk wrote:

* hflist@xxxxxxxxxxxx <hflist@xxxxxxxxxxxx> [071106 08:44]:

Hello, i have a customer working with an headquartet where is situateed an
Hylafax Server.

He has got 10 remote offices connected with the Internet with dynamic
address, and there is no VPN connection beetwen the headquartet and the
remote branches.

bad

Remote branches would like to use WHFC on Windows Clients in order to send
fax; do you think it is safe to publish hylafax ports on the Internet with
no Firewall filtering (remote branches has dynamic IP, i cannot filter)?

Is Hylafax authentication enough sure and Hylafax Server with WHFC can
work over NAT protocol?

Thank you in advance for your interest, regards!

HylaFAX uses clear-text user/password authentication, similar to FTP.
There are no *known* issues that allow un-authorized clients to access
or compromize the underlying system.

If you're comfortable with that, go ahead... I know most people
wouldn't be comfortable sending their passwords in the clear, or leaving
the system "open" for people to try every password possible...

Basic security is simple enough that the risks of no security are just
not worth it. If you're the easiest target around, you'll be the first
one hit.

I mean, VPNs are easy enough that it's just not worth the risk. There
are many of VPN solutions. An easy one - put openvpn server on your
HylaFAX server, and stick openvpn on every client that needs to talk to
it.

I second that, with a spin,

we use IPCop,

you can install it very easily on any PIII and use it as firewall and vpn access,

If you want road warriors access,

use openvpn for IPCop, it is a module, but very easy to install,

you then have two options,

install an IPCop at every office that will automatically be "tunneled in"

thus, no hylafax authentication needed at all, (easier, preferred)

or install an OpenVPN client at every computer that faxes

(more overhead traffic, less controll, more maintenance)

--
Aidan Van Dyk aidan@xxxxxxxx
Senior Software Developer +1 215 825-8700 x8103
iFAX Solutions, Inc. http://www.ifax.com/

Andres Paglayan

- - - --"Harmony is more important than being right"

Bapak

Attachment: PGP.sig
Description: This is a digitally signed message part

References:
- [hylafax-users] Hylafax Server on the Internet
  - From: hflist
- Re: [hylafax-users] Hylafax Server on the Internet
  - From: Aidan Van Dyk

Prev by Date: Re: [hylafax-users] Hylafax Server on the Internet
Next by Date: Re: [hylafax-users] Hylafax Server on the Internet
Previous by thread: Re: [hylafax-users] Hylafax Server on the Internet
Next by thread: Re: [hylafax-users] Hylafax Server on the Internet
Index(es):
- Main
- Thread

Project hosted by iFAX Solutions