Will installing a VPN on my LAMP server disrupt public services?

I am considering installing some private services (Perforce in particular) on a LAMP server that also hosts public websites, does mail services, runs a DNS server, etc.

I would like to require authentication and encryption for the private services.  A VPN server seems appropriate ... but ... can I keep the public services unhindered by the VPN and do this?

Thanks!
LVL 32
Daniel WilsonAsked:
Who is Participating?
 
arnoldConnect With a Mentor Commented:
Using a reverse secure proxy will deal with securing the connection with encryption.
The authentication should be built into the application, or you would include authentication scheme into the reverse proxy.

You can use squid or apache as a reverse proxy.
With INtelectual property, maintaining a record of who accessed and did what is extremely important.

There are other open source document management systems as well as source code.
Alfresco document management.
Subversion is a good source control with versioning.

I am unfamiliar with perforce, it seems it includes a client.
So not sure whether the server/client setup of perforce includes a securing mechanism.
0
 
arnoldCommented:
VPN is a separate secure path to resources on the system that makes the remote systems that establish a VPN appear as local to the server.

Generally, a VPN server option on a system does not have any impact on other public services on the system.

Could you clarify your concern?
0
 
Daniel WilsonAuthor Commented:
I want encryption & authentication required to access port 1666, but no such requirement for 80, 25, 110, etc.  I mean, beyond what SSH, FTP, POP, etc. already run.

I'm a software guy, not a network guy, so maybe I have completely the wrong idea.  But at http://perforce.com/perforce/r10.1/manuals/p4sag/03_superuser.html#1080319 the guide says
Warning
      
Although ticket-based authentication provides a more secure authentication mechanism than password-based authentication, it does not encrypt network traffic between client workstations and the Perforce server.
If you are accessing Perforce over an insecure network, use a third-party tunneling solution (for example, ssh or a VPN) regardless of the authentication method you choose.

How would I go about doing that?  Without risking my http/pop/ftp/ssh services?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
Daniel WilsonAuthor Commented:
Perhaps a proxy is what I want instead of a VPN ...
0
 
arnoldCommented:
What exactly are you looking to secure? You can setup a site on apache that requires authentication to gain access either via programming in PHP or based on .htaccess settings.  The difference between these approaches deals with how you audit who accessed the pages within.  .htaccess stores the data in the log files and reqcrunches the data.uires a second process that crunches the logs while the application level control such as PHP, etc. the auditing can be part of the application.

For encryption, you need to either buy a certificate and configure SSL on apache, or generate a self signed certificate where the users will be warned that the certificate is untrusted.
0
 
Daniel WilsonAuthor Commented:
Perforce is a source code control server.  It does not operate through Apache or another web server.  It is a server in its own right.

I'm interested in securing it b/c it will control source code -- intellectual property for some of my projects.
0
 
Daniel WilsonAuthor Commented:
Thanks, Arnold.  I'm checking out squid now ...
0
All Courses

From novice to tech pro — start learning today.