Posts tagged as:

Security

Daxtor : SmoothWall firewalls

by Roberto on July 18, 2009

in Portfolio, Work

SmoothWall UTM-308 firewalls

Daxtor is a company that provides web-based applications for the private banking sector.
It offers a software platform for private consultants and fund investment management companies through an ASP model, using Linux, Solaris, Java and Oracle technologies.

To protect its server infrastructure, Daxtor now uses SmoothWall UTM appliances: specially designed hardware running SmoothWall Advanced Firewall.
SmoothWall Advanced Firewall is an expandable system with a very powerful and easy-to-use web management interface from which it is possible to control the configuration in detail and check the firewall status in real time.

SmoothWall UTM appliances can also be connected in pairs to build a failover system: the two firewalls are privately connected with a cross-over cable, and only one appliance is active at a time while the other is in stand-by mode. If the first appliance stops working, the secondary appliance reconfigures itself and becomes active, taking over from the first one.
The configuration of the two appliances is kept synchronized automatically: the first system acts as master and the secondary as slave.

Since 2002 I’ve been the system administrator of this network infrastructure for Daxtor and helped them to design, build and grow their server farm. I configured this new firewall system for them and integrated it with the existing network infrastructure.


Using a server service through a SSH tunnel

by Roberto on April 20, 2009

in Work

If you have access to a server only through SSH, you can still reach the server's other services without forwarding additional ports on the router or firewall.
Here is how:

  1. Open a console on your client
  2. Type : ssh -L [local port]:localhost:[remote port] [username]@[remote server]

From now on you can reach the remote service by connecting to localhost on port [local port].

Parameters:

  • [local port] : the port you'll use on your client
  • [remote port] : the port you need to reach on the remote server
  • [username] : your username on the remote server
  • [remote server] : the remote server's public hostname or IP address

So, for example, if you want to access the web server running on port 80 of the remote server, you'll write:
ssh -L 8080:localhost:80 [username]@[remote server]

Open the URL http://localhost:8080 in your browser and you'll be able to access the remote web server.
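
The forward from the example above, as a small added helper that is not part of the original post: it validates the four parameters, pins the listener to 127.0.0.1 rather than relying on ssh's default, and checks ss -ltn output for non-loopback listeners on the forwarded port. The names alice and server.example.com and the SAMPLE_SS listing are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). alice and server.example.com
# are placeholders; SAMPLE_SS is constructed `ss -ltn` output.

# Succeed only if $1 is a decimal integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed only for a simple user or host name: no leading "-" (which ssh
# would parse as an option) and no shell metacharacters.
valid_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Print the ssh command for: local_port remote_port username remote_server.
# The listener is pinned to 127.0.0.1, -N skips the remote shell, and
# ExitOnForwardFailure makes ssh exit if the local port cannot be bound.
build_tunnel_cmd() {
    { valid_port "$1" && valid_port "$2"; } || { echo "bad port" >&2; return 1; }
    { valid_name "$3" && valid_name "$4"; } || { echo "bad user/host" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$1" "$2" "$3" "$4"
}

# Read `ss -ltn` output on stdin; print every non-loopback address that is
# listening on port $1. Empty output means the forward is local-only.
exposed_listeners() {
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port == p && addr != "127.0.0.1" && addr != "[::1]") print addr
    }'
}

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*
LISTEN 0      128    0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

build_tunnel_cmd 8080 80 alice server.example.com
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8081   # the constructed exposed port
```

On a live client, pipe the real ss -ltn output into exposed_listeners; a forward started with ssh -g or with GatewayPorts enabled would show up there as a wildcard address. The name check is deliberately strict, so it also rejects IPv6 literals.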

A similar solution can be implemented using Zebedee, which doesn't require SSH access because it has its own authentication and encryption routines.



VPN with Tinc

April 12, 2009

Tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.
Its configuration and usage are far simpler than those of a VPN based on the IPSec protocol, and it is suited to not-too-complex infrastructures where OpenVPN is a better solution.
Tinc is a very good open [...]
