Solved

Will installing a VPN on my LAMP server disrupt public services?

Posted on 2013-06-14
Last Modified: 2013-06-17
I am considering installing some private services (Perforce in particular) on a LAMP server that also hosts public websites, does mail services, runs a DNS server, etc.

I would like to require authentication and encryption for the private services.  A VPN server seems appropriate ... but ... can I keep the public services unhindered by the VPN and do this?

Thanks!
Question by:Daniel Wilson
7 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 39249422
VPN is a separate secure path to resources on the system that makes the remote systems that establish a VPN appear as local to the server.

Generally, a VPN server option on a system does not have any impact on other public services on the system.

Could you clarify your concern?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250573
I want encryption & authentication required to access port 1666, but no such requirement for 80, 25, 110, etc.  I mean, beyond what SSH, FTP, POP, etc. already run.

I'm a software guy, not a network guy, so maybe I have completely the wrong idea.  But at http://perforce.com/perforce/r10.1/manuals/p4sag/03_superuser.html#1080319 the guide says
Warning
      
Although ticket-based authentication provides a more secure authentication mechanism than password-based authentication, it does not encrypt network traffic between client workstations and the Perforce server.
If you are accessing Perforce over an insecure network, use a third-party tunneling solution (for example, ssh or a VPN) regardless of the authentication method you choose.

How would I go about doing that?  Without risking my http/pop/ftp/ssh services?
0
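The tunnelling approach in the Perforce guide quoted above leaves ports 80, 25 and 110 untouched as long as only port 1666 is moved to loopback. The script below is an added example, not part of the original thread, that checks this from a listener listing; the host name, the sample listings and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed setup: the Perforce server
# listens on 127.0.0.1:1666 only, and clients reach it through an SSH tunnel:
#   ssh -N -L 1666:127.0.0.1:1666 user@server.example.com   # placeholder host
#   p4 -p localhost:1666 info
# Ports 80, 25 and 110 keep their normal public listeners.

# Constructed samples in the column layout of `ss -ltn` (header omitted).
SAMPLE_TUNNEL_ONLY='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1666 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 127.0.0.1:110 0.0.0.0:*
LISTEN 0 128 [::]:1666 [::]:*'

# Print every non-loopback address that listens on port $1 (listing on stdin).
exposed_binds() {
  awk -v port="$1" '$1 == "LISTEN" {
    n = split($4, parts, ":")              # port is the last ":" field
    if (parts[n] != port) next
    addr = substr($4, 1, length($4) - length(parts[n]) - 1)
    if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: tunnel only
    print addr
  }'
}

# $1 = listing, $2 = private port, remaining args = ports that must stay public.
check_layout() {
  listing=$1; private=$2; shift 2; rc=0
  leaked=$(printf '%s\n' "$listing" | exposed_binds "$private")
  if [ -n "$leaked" ]; then
    echo "FAIL: port $private is reachable without the tunnel on $leaked"; rc=1
  fi
  for p in "$@"; do
    if [ -z "$(printf '%s\n' "$listing" | exposed_binds "$p")" ]; then
      echo "FAIL: public port $p has no public listener"; rc=1
    fi
  done
  return $rc
}

check_layout "$SAMPLE_TUNNEL_ONLY" 1666 80 25 110 && echo "OK: layout as intended"
check_layout "$SAMPLE_EXPOSED" 1666 80 25 110 || true   # reports 1666 and 110
# On the server itself: check_layout "$(ss -ltn)" 1666 80 25 110
```

The check only looks at listening sockets; a host firewall rule that drops inbound 1666 would be a second layer it does not inspect.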
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250620
Perhaps a proxy is what I want instead of a VPN ...
0

 
LVL 76

Expert Comment

by:arnold
ID: 39250742
What exactly are you looking to secure? You can set up a site on Apache that requires authentication to gain access either via programming in PHP or based on .htaccess settings.  The difference between these approaches deals with how you audit who accessed the pages within.  .htaccess stores the data in the log files and requires a second process that crunches the logs, while with application-level control such as PHP, etc., the auditing can be part of the application.

For encryption, you need to either buy a certificate and configure SSL on apache, or generate a self signed certificate where the users will be warned that the certificate is untrusted.
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250815
Perforce is a source code control server.  It does not operate through Apache or another web server.  It is a server in its own right.

I'm interested in securing it b/c it will control source code -- intellectual property for some of my projects.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 39250900
Using a reverse secure proxy will deal with securing the connection with encryption.
The authentication should be built into the application, or you would include an authentication scheme in the reverse proxy.

You can use squid or apache as a reverse proxy.
With intellectual property, maintaining a record of who accessed and did what is extremely important.

There are other open source document management systems as well as source code.
Alfresco document management.
Subversion is a good source control with versioning.

I am unfamiliar with perforce, it seems it includes a client.
So not sure whether the server/client setup of perforce includes a securing mechanism.
0
 
LVL 32

Author Closing Comment

by:Daniel Wilson
ID: 39253416
Thanks, Arnold.  I'm checking out squid now ...
0
