Solved

Will installing a VPN on my LAMP server disrupt public services?

Posted on 2013-06-14
Last Modified: 2013-06-17
I am considering installing some private services (Perforce in particular) on a LAMP server that also hosts public websites, does mail services, runs a DNS server, etc.

I would like to require authentication and encryption for the private services.  A VPN server seems appropriate ... but ... can I keep the public services unhindered by the VPN and do this?

Thanks!
Question by:Daniel Wilson
LVL 79

Expert Comment

by:arnold
ID: 39249422
VPN is a separate secure path to resources on the system that makes the remote systems that establish a VPN appear as local to the server.

Generally, a VPN server option on a system does not have any impact on other public services on the system.

Could you clarify your concern?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250573
I want encryption & authentication required to access port 1666, but no such requirement for 80, 25, 110, etc.  I mean, beyond what SSH, FTP, POP, etc. already run.

I'm a software guy, not a network guy, so maybe I have completely the wrong idea.  But at http://perforce.com/perforce/r10.1/manuals/p4sag/03_superuser.html#1080319 the guide says
Warning
      
Although ticket-based authentication provides a more secure authentication mechanism than password-based authentication, it does not encrypt network traffic between client workstations and the Perforce server.
If you are accessing Perforce over an insecure network, use a third-party tunneling solution (for example, ssh or a VPN) regardless of the authentication method you choose.

How would I go about doing that?  Without risking my http/pop/ftp/ssh services?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250620
Perhaps a proxy is what I want instead of a VPN ...
0

 
LVL 79

Expert Comment

by:arnold
ID: 39250742
What exactly are you looking to secure? You can set up a site on Apache that requires authentication to gain access either via programming in PHP or based on .htaccess settings.  The difference between these approaches deals with how you audit who accessed the pages within.  .htaccess stores the data in the log files and requires a second process that crunches the logs, while with application-level control such as PHP, etc., the auditing can be part of the application.

For encryption, you need to either buy a certificate and configure SSL on Apache, or generate a self-signed certificate where the users will be warned that the certificate is untrusted.
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250815
Perforce is a source code control server.  It does not operate through Apache or another web server.  It is a server in its own right.

I'm interested in securing it b/c it will control source code -- intellectual property for some of my projects.
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 39250900
Using a reverse secure proxy will deal with securing the connection with encryption.
The authentication should be built into the application, or you would include an authentication scheme in the reverse proxy.

You can use squid or apache as a reverse proxy.
With intellectual property, maintaining a record of who accessed and did what is extremely important.

There are other open source document management systems as well as source code.
Alfresco document management.
Subversion is a good source control with versioning.

I am unfamiliar with perforce, it seems it includes a client.
So not sure whether the server/client setup of perforce includes a securing mechanism.
0
 
LVL 32

Author Closing Comment

by:Daniel Wilson
ID: 39253416
Thanks, Arnold.  I'm checking out squid now ...
0
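
The Perforce guide quoted in the thread names ssh or a VPN as the tunnel; either way the public services are untouched as long as only port 1666 is moved behind it. The following is an added example, not code from the thread or from Perforce: a shell check that port 1666 listens on loopback only while 80, 25, 110 and 22 stay public. It assumes p4d is bound to 127.0.0.1:1666 and clients reach it through an SSH port forward; the listener table is constructed sample data in `ss -ltnH` format.

```shell
#!/bin/sh
# Added example: confirm the private port is loopback-only (tunnel required)
# while public services keep listening on every interface.
# Assumed setup, not taken from the thread:
#   server:  p4d bound to 127.0.0.1:1666
#   client:  ssh -N -L 1666:127.0.0.1:1666 user@server   then   p4 -p localhost:1666

PRIVATE_PORTS="1666"   # Perforce port named in the thread

# Constructed sample in `ss -ltnH` format (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1666 0.0.0.0:*
EOF
}

# Reads listener lines on stdin; prints one finding per problem and
# returns non-zero if a private port is exposed or not listening at all.
audit_listeners() {
    awk -v ports="$PRIVATE_PORTS" '
    BEGIN { bad = 0; n = split(ports, p, " ")
            for (i = 1; i <= n; i++) private[p[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # bind address before it
        if (!(port in private)) next          # public service: leave alone
        seen[port] = 1
        if (addr ~ /^127\./ || addr == "[::1]") next
        print "EXPOSED " $4; bad = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(p[i] in seen)) { print "NOT-LISTENING " p[i]; bad = 1 }
        exit bad
    }'
}

# On a live host: ss -ltnH | audit_listeners
sample_listeners | audit_listeners && echo "private ports are loopback-only"
```

An `EXPOSED` line means the port is reachable without the tunnel; the public listeners on 80, 25, 110 and 22 are never reported.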

Question has a verified solution.
