[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Will installing a VPN on my LAMP server disrupt public services?

Posted on 2013-06-14
7
Medium Priority
?
472 Views
Last Modified: 2013-06-17
I am considering installing some private services (Perforce in particular) on a LAMP server that also hosts public websites, does mail services, runs a DNS server, etc.

I would like to require authentication and encryption for the private services.  A VPN server seems appropriate ... but ... can I keep the public services unhindered by the VPN and do this?

Thanks!
0
Comment
Question by:Daniel Wilson
  • 4
  • 3
7 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 39249422
VPN is a separate secure path to resources on the system that makes the remote systems that establish a VPN appear as local to the server.

Generally, a VPN server option on a system does not have any impact on other public services on the system.

Could you clarify your concern?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250573
I want encryption & authentication required to access port 1666, but no such requirement for 80, 25, 110, etc.  I mean, beyond what SSH, FTP, POP, etc. already run.

I'm a software guy, not a network guy, so maybe I have completely the wrong idea.  But at http://perforce.com/perforce/r10.1/manuals/p4sag/03_superuser.html#1080319 the guide says
Warning
      
Although ticket-based authentication provides a more secure authentication mechanism than password-based authentication, it does not encrypt network traffic between client workstations and the Perforce server.
If you are accessing Perforce over an insecure network, use a third-party tunneling solution (for example, ssh or a VPN) regardless of the authentication method you choose.

How would I go about doing that?  Without risking my http/pop/ftp/ssh services?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250620
Perhaps a proxy is what I want instead of a VPN ...
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 81

Expert Comment

by:arnold
ID: 39250742
What exactly are you looking to secure? You can setup a site on apache that requires authentication to gain access either via programming in PHP or based on .htaccess settings.  The difference between these approaches deals with how you audit who accessed the pages within.  .htaccess stores the data in the log files and reqcrunches the data.uires a second process that crunches the logs while the application level control such as PHP, etc. the auditing can be part of the application.

For encryption, you need to either buy a certificate and configure SSL on apache, or generate a self signed certificate where the users will be warned that the certificate is untrusted.
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250815
Perforce is a source code control server.  It does not operate through Apache or another web server.  It is a server in its own right.

I'm interested in securing it b/c it will control source code -- intellectual property for some of my projects.
0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 39250900
Using a reverse secure proxy will deal with securing the connection with encryption.
The authentication should be built into the application, or you would include authentication scheme into the reverse proxy.

You can use squid or apache as a reverse proxy.
With INtelectual property, maintaining a record of who accessed and did what is extremely important.

There are other open source document management systems as well as source code.
Alfresco document management.
Subversion is a good source control with versioning.

I am unfamiliar with perforce, it seems it includes a client.
So not sure whether the server/client setup of perforce includes a securing mechanism.
0
 
LVL 32

Author Closing Comment

by:Daniel Wilson
ID: 39253416
Thanks, Arnold.  I'm checking out squid now ...
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Fine Tune your automatic Updates for Ubuntu / Debian
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month19 days, 12 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question