Re: tlug: -The TLUG Server-

[Scott Stone <sstone@example.com>]

On Fri, 20 Feb 1998, Craig Oda wrote:

> On Thu, 19 Feb 1998, Scott Stone wrote:
> 
> > Well, sure it could stay here, when I go back to the states we'll still be
> > doing most of our sales and stuff in Japan, so we'll want to continue to
> > support TLUG.  Besides, it'll be almost a full year, maybe two, before
> > that even happens.  
> 
> 
> Scott,
> TLUG has got some momentum and support for the TLUG server right
> now.  Can we install the server on the LAN only for installation
> purposes before the upgrade of bandwidth?  We can setup the
> web server structure and FTP archive structure, but not have any 
> files there.  we can set up empty directory structures.  Of course,
> there could be the initial splash page with a "comming soon" and
> "sponsored by PHT logo" on the front page with no links to it.

I just talked to Cliff and what we can do is this:

We'll set it up now, but not allow any FTP until we get more bandwidth.
I'm assuming that the web site is fairly low-traffic (can we have some
hits/day numbers, possibly?), so that can start up right away.

> 
> We could also test out shell access for a preliminary 
> TLUG Server Committee and work on plugging up any holes.
> 
> On the sensitive issue of security, let's be open about
> the security problems for your corporate LAN and address
> these problems.  Anyone with root access on a Linux machine
> can install tcpdump or similar packet sniffer and sniff 
> packets.  Any security hole should be addressed.  Any person
> that needs more than normal user access should use a 
> special account with limited powers, not the root 
> account. 

I agree - we will also install ssh/sshd on it (not *technically* ok to use
outside the states, but it works).

> 
> Another idea is to install two Linux boxen on the LAN
> and make one the firewall.

No need, I can have my router firewall it effectively.  Actually we don't
have any firewall set up at all right now, so this will give me some
impetus to get going on that :)

Do you have a domain registered with JPNic yet?  We'll provide the DNS
services for it - tell JPNic that your NS address is 210.145.37.178
(ume.pht.co.jp).

> 
> 
>   PHT Internal LAN     PHT Firewall   PHT External   TLUG Firewall
> ------------------------|        |------------------|           |
>   |               |     +--------+    |             +-----------+
>  accounting  devel                     PHT Web              |
>                                                             | 
>                                                     TLUG External 
> 
> 
> If we did it this way, then a PHT representative could control
> the TLUG firewall and TLUG could work out its own control policy
> for the server without comprising PHT security.
> 

If we controlled it at the router level, the same would be true.  I have
complete and total domination over the router, so ... :)

Also, I have a nice network monitoring program that I can use to make sure
nothing's going wonky with the server (ie, running out of disk
space/ram/etc).  We'll just have to make sure that snmpd is running on it
and that my machine has access to it.

> There's probably a lot of different ways to do this, but the
> main point is to make the PHT network as secure as possible 
> so there is stability in the TLUG server home. 
> 
> The firewall is pretty cheap.  We could use TIS and cheap 
> ethernet cards in a 486.


So when do you want to bring it over?  Today's bad, but tomorrow
(Saturday) might work.  I have a key to the place.  Let me know, and I'll
give you directions.

--------------------------------------------------
Scott M. Stone <sstone@example.com, sstone@example.com>
               <sstone@example.com>
Linux Developer/Systems Administrator for Pacific HiTech, Inc. 
http://www.pht.com		http://armadillo.pht.co.jp
http://www.pht.co.jp	        http://www.turbolinux.com


---------------------------------------------------------------
Next TLUG Nomikai: 11 March Wed 1998 Tengu TokyoEkiMae 19:30
Chuo-ku, Kyobashi 1-1-6, EchiZenYa Bld. B1/B2 03-3275-3691
Next TLUG Meeting: 11 April 1998 Saturday, Tokyo Station
---------------------------------------------------------------
a word from the sponsor:
TWICS - Japan's First Public-Access Internet System
www.twics.com  info@example.com  Tel:03-3351-5977  Fax:03-3353-6096