OS/2 eZine - http://www.os2ezine.com
Spacer
March 16, 2003
 
Bas Heijermans has been using computers for 24 years - since he was 12. Bas lives in Belgium and has used OS/2 since version 1.1. He ran The OS/2 BBS and was the Belgium OS/2 Fido moderator. IBM awarded him Official OS/2 Ambassidor in 1992 for his support efforts. Today he repairs computers for a living.

If you have a comment about the content of this article, please feel free to vent in the OS/2 eZine discussion forums.

There is also a Printer Friendly version of this page.

Spacer
Previous Article
Home
Next Article


SciTech SNAP Graphics for OS/2 and Linux


OS/2 is Boring Part 8

Last time I talked about DHCP and DNS caching, I presume we all installed it? If not shame on you:-) Well, nothing is lost yet, so I'll go on with some further networking this time, don't I do that most of the time? :-) But this time it's real!

Ever heard of security? No, me neither. I start to jump up and down if people use firewalls for the wrong purposes! Now a lot of people might get mad at me, but my vision is that a firewall is stupid! How's that? Let me explain a firewall first. This piece of software won't protect your network/system if you don't know what it's doing, period. On any networked system, you should know what ports you use and why, what protocols you use and again why. If you know this, you don't need a firewall to protect your servers, you might need it to protect your clients. If you don't know, or follow the masses, you end up screwed, just like most Windows users. They mostly don't know what's open and what's not, even worse, if they do know, they don't know how Windows will react to any given response. But hey, we are not here to educate the Windows crowd, it's OS/2 security we need. Hard to get? No!

First of all, figure out what kind of network you need. Local lan? Internet lan? (don't know much about that :-) Let me say this first, NetBIOS over TCP/IP is about the most stupid thing you can use, as it requires a firewall or strong passwords and userid's. Safety is hard to get when you connect your system to the internet with this protocol.

If you need Netbios, use it native! It can't be routed, so you won't need a firewall to be secure.

When you use a Linux (or Unix) box in your network, I hear you thinking "SAMBA", well forget Samba....it's NFS you want! Now we are getting to where we want to be, in fact where this months article is all about: NFS and security!

OS/2 Warp Server for eBusiness has this protocol as do all Unix (Linux) boxes. You really want this protocol, as it's easy to use. Remember I told you last time, Unix boxes don't like my dirty DHCP way. Well here comes why it doesn't matter: Just tell OS/2 NFS that it should accept only your static IP (e.g. 10.0.0.20) for requests. The fun part is that it won't respond to any other request than ones from the static IP you gave, no firewall or anything else is needed. Remember 10.x.x.x or the two other private IP ranges can't be routed over the net!

Security with OS/2 is so simplistic, it's a challenge to put it online and see if they can hack it. I've dared a lot of hackers already, and so far none have managed to get in, with the exception of abusing my Squid proxy due to my mistake (see the squid proxy article) but they haven't gotten into my system so far! Any candidates to give it a try? (John you are excluded!) I will send a bottle of Belgium's finest beer to the first that manages to get root access and tells me how he did it :-) To give a hint, my server is at www.heppen.be

I tried to put all my Windows clients on NFS, well you best forget about doing so, they don't work the way they should and damage files if they are transferred the wrong way. Only OS/2 is able to recognize the right file type to and from Unix boxes. Windows and OS/2 stations best work together with native NetBIOS, as long as you set the NBF registry for Windows to this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbf\Parameters]

"MaximumIncomingFrames"=dword:00000001

This matches OS/2's settings and gives the highest speeds.

Getting security is nothing more the using the right protocol for the right purpose and knowing what you are doing. Do a portscan on your own system and find out. OS/2 is pretty secure, heck I've never seen it on hack lists so far, but you do need to know what you are doing.

Putting NetBios over TCP/IP online is stupid, they have plenty time to hack it if you have ADSL or Cable. Give your system the attention in deserves and you never get hacked. BTW most hacks come from the inside not the outside, and a firewall won't help you there either, no sir!

A little tip for the Windows users under us, turn off NetBIOS over TCP/IP! It will make it so much more secure :-)

That's it for this time, have fun with NFS, there isn't really much more to say about it, it's simple and easy to setup under OS/2, just run TCPCFG2 and there you have it :-)

Bye now, and have fun networking, it's not as hard as most would like you to believe!

Previous Article
Home
Next Article

Copyright (C) 2003. All Rights Reserved.