Enterprise Unix Roundup: Sun Manages Expectations Page 2

By Michael Hall
Posted Jan 27, 2005

Recent Updates

  • Evermind Data has released version 2.0.5 of its Orion application server. The company reports this is the first non-experimental release of the server in some time, and notes that all users should upgrade to it. Next on the company road map is work on Orion 3.0, which will support the J2EE 1.4 APIs.

  • The FreeBSD project announced FreeBSD 4.11-RELEASE. The project's announcement notes the release consists of "conservative updates to a number of software programs," security patches, and bug fixes. The release notes cover both the i386 and Alpha ports.

  • Apple released Security Update 2005-001 for Mac OS X v10.3.7 in both its standard and server editions. The update addresses numerous issues and provides patches to server-side packages like SquirrelMail and PHP, as well as the commonly used Unix utility "at" and libxml2. The update also reflects a new naming scheme for Apple updates, from date-based to sequential.

  • A number of fixes to the squid proxy server protect it from, among other things, "malicious gopher servers." The patched version is currently available from Conectiva, Mandrake, Ubuntu, and Debian.

  • The network monitoring tool ethereal has a series of potential denial-of-service vulnerabilities. Patches are in from Fedora Legacy (1, 2), Mandrake, Debian, Gentoo, and Conectiva.

Tips of the Trade

Road warriors and other remote workers are a continual challenge to support. They need access to the company network, but you don't want to create a big old security hole. Some sort of virtual private network (VPN) is usually the best solution. There are all sorts of VPN implementations, some of which cost quite a bit. One of the best is OpenVPN, which is both open source and free of charge.

OpenVPN supports a wide range of users: telecommuters, road warriors, wireless users, and remote-office linking. Like IPSec, it securely tunnels the entire transmission. An especially nice feature of OpenVPN is the capability to run everything from the server. So instead of having to configure mobile users with all sorts of location-based profiles, OpenVPN pushes all the configuration settings out to the clients.

OpenVPN is cross-platform. It runs on Linux, Mac OS X, Windows 2000/XP, Solaris, and any of the BSD Unixes. Authentication and key exchange are managed with OpenSSL libraries using TLS (transport layer security), which is the latest and most advanced of the SSL family of protocols. OpenSSL and the IPSec ESP handle tunnel transport and data encryption.

This sounds complex, and it is. Fortunately for the hardworking system administrator, configuring and using OpenVPN is not very difficult, and it is extremely secure. For rafts of great howtos and examples, visit OpenVPN.net.
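
The server-push model described above, as an added example that is not from the original article or the OpenVPN project: a minimal server file that pushes a route and a DNS setting to clients, followed by the matching client file, which carries no site-specific network settings of its own. All addresses, the hostname, and the certificate and key file names are constructed placeholders.

```conf
# ---- server.conf (addresses and file names are constructed placeholders) ----
port 1194
proto udp
dev tun

# TLS authentication and key exchange: CA, server certificate/key, DH parameters
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Address pool handed out to VPN clients
server 10.8.0.0 255.255.255.0

# Settings pushed to every client at connect time, so routing and DNS
# are maintained in this one file instead of on each laptop
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 192.168.10.1"

keepalive 10 120
persist-key
persist-tun

# ---- client.conf (hostname and file names are constructed placeholders) ----
# "client" implies "pull": accept the options the server pushes
client
dev tun
proto udp
remote vpn.example.com 1194

# Each client authenticates with its own certificate and key
ca   ca.crt
cert client1.crt
key  client1.key

# Refuse to connect to a peer whose certificate is not a server certificate
remote-cert-tls server
```

Because pushed options take effect on the client with no local review, the `remote-cert-tls server` check matters: it keeps a holder of an ordinary client certificate from posing as the server and pushing its own routes.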
