Re: lpd across the Internet - how secure?

From: Casper H.S. *** (Casper.***@Sun.COM)
Date: 07/08/02 

From: Casper H.S. *** <Casper.***@Sun.COM>
Date: 8 Jul 2002 08:37:19 GMT

"MaryAnne" <maryanne2002@hotmail.com> writes:

>We have thought of using SSH, VPN, etc.

>The constrains we have are the print jobs automated and taking place 7 x 24.
>If we use SSH or VPN, the other side across the Internet could telnet, ftp,
>etc. to the server, from which they could springboard to other servers.

On some systems, you can choose which traffic to protect with IPsec;
you can then protect just lpd and filter all other traffic.

Of course, the point about the remote site being able to exploit
weaknesses in lpd is well taken: any form of remote access allowed
carries a risk; tunneling the line printer protocol limits the
lpd risk to just the remote host. And you might consider that
risk less severe than opening up en SSH connection or a full VPN.

Casper 

-- 
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

Quantcast