HylaFAX The world's most advanced open source fax server

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [hylafax-users] Hylafax Server on the Internet



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Nov 6, 2007, at 6:52 AM, Aidan Van Dyk wrote:


* hflist@xxxxxxxxxxxx <hflist@xxxxxxxxxxxx> [071106 08:44]:
Hello, i have a customer working with an headquartet where is situateed an
Hylafax Server.


He has got 10 remote offices connected with the Internet with dynamic
address, and there is no VPN connection beetwen the headquartet and the
remote branches.



bad


Remote branches would like to use WHFC on Windows Clients in order to send
fax; do you think it is safe to publish hylafax ports on the Internet with
no Firewall filtering (remote branches has dynamic IP, i cannot filter)?


Is Hylafax authentication enough sure and Hylafax Server with WHFC can
work over NAT protocol?


Thank you in advance for your interest, regards!


HylaFAX uses clear-text user/password authentication, similar to FTP.
There are no *known* issues that allow un-authorized clients to access
or compromize the underlying system.

If you're comfortable with that, go ahead... I know most people
wouldn't be comfortable sending their passwords in the clear, or leaving
the system "open" for people to try every password possible...


Basic security is simple enough that the risks of no security are just
not worth it. If you're the easiest target around, you'll be the first
one hit.


I mean, VPNs are easy enough that it's just not worth the risk. There
are many of VPN solutions. An easy one - put openvpn server on your
HylaFAX server, and stick openvpn on every client that needs to talk to
it.




I second that, with a spin, we use IPCop,

you can install it very easily on any PIII and use it as firewall and vpn access,

If you want road warriors access,
use openvpn for IPCop, it is a module, but very easy to install,

you then have two options,
install an IPCop at every office that will automatically be "tunneled in"
thus, no hylafax authentication needed at all, (easier, preferred)


or install an OpenVPN client at every computer that faxes
(more overhead traffic, less controll, more maintenance)


--
Aidan Van Dyk aidan@xxxxxxxx
Senior Software Developer +1 215 825-8700 x8103
iFAX Solutions, Inc. http:// www.ifax.com/

Andres Paglayan


- - - --"Harmony is more important than being right"
Bapak




- - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin)

iD4DBQFHMJgS+CRUz9r7YC8RAmttAJ93SxifTY9f0Ko0vI35lW5uevkRPgCYmqdg
jL8bfDU3wdxCdaIa5thT5A==
=liIp
- - -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHMJge+CRUz9r7YC8RAlaGAJwNggB5vQ1dSDLbp2iOLVX6vIFvggCeMgKe
cobiNDpg9Fbww3ZRe1gFMY0=
=8rxf
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHMJjs+CRUz9r7YC8RAuRAAJ9IRluv9AzbQ3S3uF7MQPxAIy/aswCcCLRA
DGqGAhTSwczYiXN7Hfu+TKs=
=ry0+
-----END PGP SIGNATURE-----


____________________ HylaFAX(tm) Users Mailing List _______________________ To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*




Project hosted by iFAX Solutions