[CentOS] CentOS VPN server for iPhone
Les Mikesell
lesmikesell at gmail.com
Thu Mar 26 20:21:46 UTC 2009
Florin Andrei wrote:
>
>> If you have a decent password (on all accounts) I wouldn't worry about
>> it too much. Move it to an odd port or even require a client
>> certificate if your client software supports it.
>
> The non-standard port is a good trick, but even assuming the iPhone does
> support it (which is far from certain, the interface is very simple and
> terse), I'm still a bit uncomfortable. All it takes is a stupid buffer
> overflow, and a script kiddie with patience and a portscanner - even if
> you send packets to DROP, it's still scannable, it just takes much
> longer. Port knocking is probably not doable (or not easily) from the
> iPhone.
>
> Maybe I don't trust the IMAP server enough to expose it. Maybe I should.

Anything that can survive in a university environment should be safe
enough for the rest of us. But the client certificate requirement would
really nail it down if that's a possibility. You can do it with stunnel
if the native IMAP service is difficult to configure for ssl (or even on
a different internal machine).
--
Les Mikesell
lesmikesell at gmail.com
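
Added example, not part of the original post: a sketch of an stunnel service that fronts a plain IMAP daemon and refuses any TLS client that does not present a certificate signed by your own CA. The file paths, the section name and the commented-out internal host name are assumptions made for illustration.

```ini
; /etc/stunnel/stunnel.conf (path is an assumption)

; Server certificate and key presented to the mail client (hypothetical paths)
cert = /etc/stunnel/imap-server.pem
key  = /etc/stunnel/imap-server.key

; CA that signed the client certificates you hand out (hypothetical path)
CAfile = /etc/stunnel/client-ca.pem

; verify = 2: the peer must present a certificate, and it must chain to CAfile.
; With verify = 1 a certificate is checked only if the client offers one, so a
; client with no certificate still gets through to the IMAP login prompt.
verify = 2

[imaps]
; TLS listener exposed to the outside
accept = 993
; Plain IMAP bound to loopback on the same host
connect = 127.0.0.1:143
; Or forward to an IMAP server on a different internal machine
; (placeholder host name):
;connect = imap.internal.example:143
```

With this in place the IMAP daemon itself only needs to listen on loopback or the internal network; a connection that fails the certificate check is dropped during the TLS handshake and never reaches the IMAP service.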