Re: CentOS VPN server for iPhone

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Florin Andrei wrote:
> 
>> If you have a decent password (on all accounts) I wouldn't worry about 
>> about it too much.  Move it to an odd port or even require a client 
>> certificate if your client software supports it.
> 
> The non-standard port is a good trick, but even assuming the iPhone does 
> support it (which is far from certain, the interface is very simple and 
> terse), I'm still a bit uncomfortable. All it takes is a stupid buffer 
> overflow, and a script kiddie with patience and a portscanner - even if 
> you send packets to DROP, it's still scannable, it just takes much 
> longer. Port knocking is probably not doable (or not easily) from the 
> iPhone.
> 
> Maybe I don't trust the IMAP server enough to expose it. Maybe I should.

Anything that can survive in a university environment should be safe 
enough for the rest of us.  But the client certificate requirement would 
really nail it down if that's a possibility.  You can do it with stunnel 
if the native IMAP service is difficult to configure for ssl (or even on 
a different internal machine).

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux