Solved

Will installing a VPN on my LAMP server disrupt public services?

Posted on 2013-06-14
Last Modified: 2013-06-17
I am considering installing some private services (Perforce in particular) on a LAMP server that also hosts public websites, does mail services, runs a DNS server, etc.

I would like to require authentication and encryption for the private services.  A VPN server seems appropriate ... but ... can I keep the public services unhindered by the VPN and do this?

Thanks!
Question by:Daniel Wilson
LVL 78

Expert Comment

by:arnold
ID: 39249422
VPN is a separate secure path to resources on the system that makes the remote systems that establish a VPN appear as local to the server.

Generally, a VPN server option on a system does not have any impact on other public services on the system.

Could you clarify your concern?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250573
I want encryption & authentication required to access port 1666, but no such requirement for 80, 25, 110, etc.  I mean, beyond what SSH, FTP, POP, etc. already run.

I'm a software guy, not a network guy, so maybe I have completely the wrong idea.  But at http://perforce.com/perforce/r10.1/manuals/p4sag/03_superuser.html#1080319 the guide says
Warning
      
Although ticket-based authentication provides a more secure authentication mechanism than password-based authentication, it does not encrypt network traffic between client workstations and the Perforce server.
If you are accessing Perforce over an insecure network, use a third-party tunneling solution (for example, ssh or a VPN) regardless of the authentication method you choose.

How would I go about doing that?  Without risking my http/pop/ftp/ssh services?
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250620
Perhaps a proxy is what I want instead of a VPN ...
0
LVL 78

Expert Comment

by:arnold
ID: 39250742
What exactly are you looking to secure? You can set up a site on Apache that requires authentication to gain access either via programming in PHP or based on .htaccess settings.  The difference between these approaches deals with how you audit who accessed the pages within.  .htaccess stores the data in the log files and requires a second process that crunches the logs, while with application-level control such as PHP, etc., the auditing can be part of the application.

For encryption, you need to either buy a certificate and configure SSL on Apache, or generate a self-signed certificate where the users will be warned that the certificate is untrusted.
0
 
LVL 32

Author Comment

by:Daniel Wilson
ID: 39250815
Perforce is a source code control server.  It does not operate through Apache or another web server.  It is a server in its own right.

I'm interested in securing it b/c it will control source code -- intellectual property for some of my projects.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 39250900
Using a reverse secure proxy will deal with securing the connection with encryption.
The authentication should be built into the application, or you would include an authentication scheme in the reverse proxy.

You can use Squid or Apache as a reverse proxy.
With intellectual property, maintaining a record of who accessed and did what is extremely important.

There are other open source document management systems as well as source code.
Alfresco document management.
Subversion is a good source control with versioning.

I am unfamiliar with Perforce; it seems it includes a client.
So not sure whether the server/client setup of Perforce includes a securing mechanism.
0
 
LVL 32

Author Closing Comment

by:Daniel Wilson
ID: 39253416
Thanks, Arnold.  I'm checking out squid now ...
0
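
The Perforce warning quoted in the thread names ssh as one tunneling option: with the Perforce server bound to loopback and reached through ssh port forwarding, port 1666 gets encryption and authentication while ports 80, 25 and 110 are left alone. The script below is an added example, not part of the original thread; it audits listener output to confirm that state, the listener sample is constructed, and the function names and `server.example` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Setup being audited (assumptions:
# p4d accepts host:port for -p; server.example is a placeholder host):
#   server:  p4d -p localhost:1666          # Perforce on loopback only
#   client:  ssh -N -L 1666:localhost:1666 user@server.example
#            export P4PORT=localhost:1666   # p4 client uses the tunnel

# Constructed sample of `ss -tlnH` output: State Recv-Q Send-Q Local Peer
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1666 0.0.0.0:*
EOF
}

# exposure PORT: reads listener lines on stdin; prints public, loopback or closed.
exposure() {
    awk -v port="$1" '
        {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") { if (state == "") state = "loopback" }
            else state = "public"   # any non-loopback listener wins
        }
        END { print (state == "" ? "closed" : state) }
    '
}

# audit: succeeds only if 1666 is loopback-only and the public ports stay public.
audit() {
    listeners=$(cat)
    [ "$(printf '%s\n' "$listeners" | exposure 1666)" = "loopback" ] || return 1
    for p in 80 25 110 22; do
        [ "$(printf '%s\n' "$listeners" | exposure "$p")" = "public" ] || return 1
    done
}

# Run against the constructed sample; on a real host use: ss -tlnH | audit
sample_listeners | audit && echo "ok: 1666 is tunnel-only, public services untouched"
```
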
