
Re: [school-discuss] Security and Linux



Hi All,

> "We're looking at a project to put cache servers in a couple of schools
> with remote management from a company in British Columbia.  They would
> have to come through our district's firewall to replenish the servers
> at night.

I assume that the caching software is Squid or equivalent.
(www.squid-cache.org)

The servers themselves would be doing all the caching of Internet objects.
The only external access should/would be the management aspect of this,
and this should only be done using SSH, not telnet (i.e. due to the clear
text passwords).

The other "security hole" would be the traffic between caches if they are
set up with siblings and parents (using port 3128/3130).



> That's not fraught with concerns, believe me.  But, at a meeting
> yesterday, the people that we met with made a statement that I wish that
> I was more informed to challenge.  The comment went along the lines of
> "Well, it's Linux.  It's secure and you don't have to worry about
> hackers."

Not true. If a server is "hardened" and no services are running that don't
need to be... (i.e. only SSHD and caching software), then they are quite
impervious. However, security is never absolute. On the other hand, a well
set up Linux box is very secure (running only limited services).


> They also were unable to tell me about the software that would be used
> and also that this software had ways to cache dynamic content.  ASP, etc.


If they won't tell you that, then find someone else.... You should know
what you're getting for your dollar.

> reading?  Is there a particular piece of software running on Linux that
> is a good caching software that you'd recommend so that I can do some
> research?  As for caching dynamic content, I'm just

The best software for caching, as mentioned above, is the squid software
at the URL above. We have used this for 5+ years and have multiple Linux
servers running this. Excellent software.


Caching "dynamic content" is an oxymoron. It depends on how you set up your
squid software; however, in most cases you don't cache CGI-based scripting.
As well, all objects have a TTL (Time to Live) and after this, squid will
recheck to see if the object has changed.

There are other issues as well including blocking and redirecting, etc.


Les Richardson
H. Hardcastle School
Edam, Sk. Canada
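
An added example, not part of the original message: one way to check the "only SSHD and caching software" claim on a delivered cache box is to compare its listening sockets against an allowlist. The allowlist (sshd on its default port 22, Squid on 3128/tcp, ICP on 3130/udp), the function names and the `ss -H -tuln` sample are assumptions constructed for illustration.

```python
import ipaddress

# Assumed allowlist for a cache box as described in the message: SSH for
# management (port 22 is the sshd default, an assumption), Squid HTTP on
# 3128/tcp and inter-cache ICP on 3130/udp.
ALLOWED = {("tcp", 22), ("tcp", 3128), ("udp", 3130)}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      256          0.0.0.0:3128       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:3130       0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128             [::]:111           [::]:*
udp   UNCONN 0      0       192.0.2.10%eth0:123     0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skips the header row and blank lines
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface, IPv6 brackets
        if addr == "*":
            addr = "0.0.0.0"
        yield fields[0], addr, int(port)

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return network-reachable listeners that are not on the allowlist."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if ipaddress.ip_address(addr).is_loopback:
            continue  # loopback-only sockets are not reachable from outside
        if (proto, port) not in allowed:
            findings.append((proto, addr, port))
    return findings

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

On the constructed sample this reports telnet (23/tcp), 111/tcp and 123/udp, and passes over the loopback-only listener on port 25.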