Quoting Cole Tuininga <[EMAIL PROTECTED]>:
>
> To a limited extent, I have to respectfully disagree.
>
> Bruce Dawson wrote:
> >
> > You can configure your firewall to allow FTP connections through.
> However this
> > is generally considered a really bad thing to do for several reasons:
> >
> > 1. FTP passes passwords in clear text - anyone on the Mediaone segment
> can sniff
> > them out.
>
> While the concept here is true (ftp/plaintext passwords/BAD thing), I
> don't believe that MediaOne users can sniff. I put my card at home into
> promisc mode, took a look at a sniffer, and saw nothing but my own
> traffic. I would reiterate that the point below about using ssh/scp
> would be a MUCH better idea.
Hummm. I guess MediaOne/AT&T has finally screwed down all their cable modems.
When I first started using the service a few years ago, you wouldn't believe
the traffic I saw!
> > (ftp, web, mail, ...) You'll need a moderatly powerful system to
> handle the
> > load, but those are relatively cheap... And you should advise your
> user
> > community that the site should not be considered secure.
>
> Honestly, depending on the number of users, etc, etc, the requirements
> might not be all that high. I'm doing all of this on a single PPro 200
> with 32 MB and a 2 gig drive. Again though, Bruce has an excellent
> point in saying that you should warn users about the security concern.
Agreed - sizing a system for this kind of community can be an exercise in
frustration. It really depends on the user base, what they're doing with their
web server, Squid configuration, ... Its more likely that they will swamp their
MediaOne connection before the firewall system. (But if they're doing at-home
coursework using something like AUC, then they'll be needing a moderately
powerful system - probably a P2 or a low-end P3).
--Bruce
-------------------------------------------------
This mail sent through IMP: brucedawson.ne.mediaone.net
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
