On Mon, Jan 23, 2006 at 10:55:31AM -0800, Smith wrote:
> Easiest solution:
>
> Setup a ftp server or sftp/scp/ssh server with OpenBSD on a separate IP
> Address from your firewall/gateway. I once setup a ftp server out in
> the open like that with OpenBSD. I ran no firewalls. I never had any
> problems. If you do this and say if it does get hacked, broken into, or
> messed up...not to worry it's outside your firewall and thus outside
> your network. The idea is, of course, that I don't care what happens to
> this server and I warn all my users that this server is not meant to be
> safe or reliable. I mention this because if you go with sftp/scp/ssh
> instead of ftp, the reluctance that users can see more of the system
> than you want or install a trojan that will elevate their rights would
> not matter, because it's on a server that you don't care about and that
> server is outside your network.
>
> I know of one linux system at a colo that has firewall protection and it
> goes down all the time. But my little openbsd box just keeps going.
I know, I know. The point is not that it is impossible to put this on an
expendable system, the point is that the data itself is somewhat
confidential.
Otherwise, plain FTP combined with a script that warns if the k1dd13s
have found you (bandwith utilization ~ 100%, all the time) would be
pretty good.
Joachim
