Re: [seul-edu] Slowest Computers and security risks

[Dirk Schouten <schoutdi@knoware.nl>]

At 13:44 30-10-02 -0800, you wrote:
>I was once lernt by a wise man with convincing logic that your 
>combination of services may be a risky move.  Particularly anything 
>with your confidential student information (I am assuming that your 
>MySQL has personal student information) AND web/firewall.  My 
>understanding is that the danger is due to the proximity of the 
>services.  Once compromised your Apache or firewall apps could allow 
>sensitive data to be accessible by unauthorized users.
>
>Jim Aird
>CTO, HomeTech Charter School

>> Our primary school server is a P200 with 32 mb ram.
>> It runs apache, sendmail, router, firewall, MySQL, PHP. No problems.
>> Dirk

Hi Jim,
Thanks for your remarks and passing on a wise man's advice. Actually we
have two servers:
1 Firewall, router, Apache, mailderver, PHP, Perl, SSH, MySQL(for the
Content Mangagement System of our website). I.e. 'everything' that has
connection to the Internet.
2 Samba (for students and teachers), Apache (for internal webpages). I.e.
'everything' internal.

3 We plan to have a third server for confidential data (the school
management system, financial stuff, student's progress system, etc) on a
separate network (electrically separated). This may seem overdone, but when
you do not have so much Linux/Unix experience, you go for solid solutions.

We hope to be relatively safe but have spent a lot of time in security.
We learned a lot from 'Securing and Optimizing Linux' by Gerhard Mourani.
The old version of the book can be found on http://www.tldp.org under docs.
The new version of the book is also very good.
http://www.openna.com
Kind regards,
Dirk