Re: [hylafax-users] Hylafax Server on the Internet

[Andres Paglayan <andres@xxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Nov 6, 2007, at 6:52 AM, Aidan Van Dyk wrote:

> * hflist@xxxxxxxxxxxx <hflist@xxxxxxxxxxxx> [071106 08:44]:
> > Hello, i have a customer working with an headquartet where is  
> > situateed an
> > Hylafax Server.
> >
> > He has got 10 remote offices connected with the Internet with dynamic
> > address, and there is no VPN connection beetwen the headquartet  
> > and the
> > remote branches.

bad

> > Remote branches would like to use WHFC on Windows Clients in order  
> > to send
> > fax; do you think it is safe to publish hylafax ports on the  
> > Internet with
> > no Firewall filtering (remote branches has dynamic IP, i cannot  
> > filter)?
> >
> > Is Hylafax authentication enough sure and Hylafax Server with WHFC  
> > can
> > work over NAT protocol?
> >
> > Thank you in advance for your interest, regards!
>
>
> HylaFAX uses clear-text user/password authentication, similar to FTP.
> There are no *known* issues that allow un-authorized clients to access
> or compromize the underlying system.
>
> If you're comfortable with that, go ahead...  I know most people
> wouldn't be comfortable sending their passwords in the clear, or  
> leaving
> the system "open" for people to try every password possible...
>
> Basic security is simple enough that the risks of no security are just
> not worth it.   If you're the easiest target around, you'll be the  
> first
> one hit.
>
> I mean, VPNs are easy enough that it's just not worth the risk.  There
> are many of VPN solutions.  An easy one - put openvpn server on your
> HylaFAX server, and stick openvpn on every client that needs to  
> talk to
> it.

I second that, with a spin,
we use IPCop,

you can install it very easily on any PIII and use it as firewall and  
vpn access,

If you want road warriors access,
use openvpn for IPCop, it is a module, but very easy to install,

you then have two options,
install an IPCop at every office that will automatically be "tunneled  
in"
thus, no hylafax authentication needed at all, (easier, preferred)

or install an OpenVPN client at every computer that faxes
(more overhead traffic, less controll, more maintenance)

> --
> Aidan Van Dyk                                              
> aidan@xxxxxxxx
> Senior Software Developer                          +1 215 825-8700  
> x8103
> iFAX Solutions, Inc.                                http:// 
> www.ifax.com/

Andres Paglayan

- - - --"Harmony is more important than being right"
Bapak




- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD4DBQFHMJgS+CRUz9r7YC8RAmttAJ93SxifTY9f0Ko0vI35lW5uevkRPgCYmqdg
jL8bfDU3wdxCdaIa5thT5A==
=liIp
- - -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHMJge+CRUz9r7YC8RAlaGAJwNggB5vQ1dSDLbp2iOLVX6vIFvggCeMgKe
cobiNDpg9Fbww3ZRe1gFMY0=
=8rxf
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHMJjs+CRUz9r7YC8RAuRAAJ9IRluv9AzbQ3S3uF7MQPxAIy/aswCcCLRA
DGqGAhTSwczYiXN7Hfu+TKs=
=ry0+
-----END PGP SIGNATURE-----


____________________ HylaFAX(tm) Users Mailing List _______________________
 To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
 *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*