On Mon, 2019-07-01 at 08:56 +1000, Cameron Simpson wrote: > Returning to the "do not put the NAS on the firewall/VPN host", the > NAS really ought to be a non-external service. So hosting on the > firewall itself is a security risk because a small misconfiguration > can expose it to the outside world. M. Fioretti (the OP) should argue > against that to his client.
That's certainly true, and reinforces the method that you should not rely on the firewall to protect you. In this instance, you *should* also configure the NAS with the range of IPs that it's allowed to communicate with. First protect services by configuring them appropriately. Secondly put a firewall in the way. Always do both steps. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
