[NTLUG:Discuss] Stealth drop box
Greg Edwards
greg at nas-inet.com
Wed Aug 1 10:53:27 CDT 2007
Michael Barnes wrote:
> I need to set up a drop box type operation. I have a
> server/firewall/router (CentOS5) that sits between two networks. On the
> admin network, the server is essentially invisible, no open ports, no
> ping response, etc. Nothing comes in, it only goes out. However, I
> need to have users input files to that machine.
>
>
> I am not looking for extensive programming or anything, and it doesn't
> have to be like National Security Agency stuff. But I do need it to be
> protected.
>
> Thanks for any ideas, suggestions, comments, alternate methods, etc.
>
> Michael
You can achieve the security you want using an NFS mount. Sometimes NFS
gets an undeserved security knock because most admins don't implement it
securely.
On the non-stealth machine create a directory for dropping the files
into and open it for r/w in /etc/services. On the stealth machine use
automount to link to the drop directory.
When the stealth machine reads the linked dir the mount will be
established and the contents accessible. After an inactivity period the
mount is dropped. The stealth machine can see the non-stealth machine,
but nobody can see the stealth machine since no mount points are opened
in /etc/services. You can set up a cron job that polls the drop dir and
moves the files.
--
Greg Edwards
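
The polling cron job suggested in the reply above could look like this; it is an added example, not part of the original post. The function name `collect_drops`, the paths in the cron line and the two-minute settle time are assumptions.

```shell
#!/bin/sh
# Added example: cron job for the stealth machine. All paths and the
# 2-minute settle time are assumptions, not values from the post.
# Needs a find with -maxdepth and -mmin (GNU findutils, as on CentOS).

# collect_drops SRC DEST [MIN_AGE_MINUTES]
# Pulls settled regular files from SRC into DEST and prints how many it took.
collect_drops() (
    src=$1; dest=$2; min_age=${3:-2}; count=0
    umask 077                                # inbox readable by owner only
    [ -d "$src" ] || { echo "drop dir unavailable: $src" >&2; exit 1; }
    mkdir -p "$dest" || exit 1
    # Globbing (not parsing ls output) copes with odd file names.
    for f in "$src"/* "$src"/.[!.]* "$src"/..?*; do
        # find does not follow symlinks, so -type f rejects links, dirs,
        # FIFOs and devices; -mmin skips files that may still be uploading.
        [ -n "$(find "$f" -maxdepth 0 -type f -mmin "+$min_age" 2>/dev/null)" ] || continue
        target="$dest/${f##*/}"
        [ -e "$target" ] && target="$target.$$.$count"   # never overwrite
        # Copy under a temporary name so DEST never exposes partial files.
        # -P keeps a link swapped in after the check from being followed.
        cp -P -- "$f" "$target.part" || continue
        if [ -f "$target.part" ] && [ ! -L "$target.part" ]; then
            chmod 600 "$target.part"         # drop any execute bits
            mv -- "$target.part" "$target" && rm -f -- "$f" && count=$((count + 1))
        else
            rm -f -- "$target.part"
        fi
    done
    echo "$count"
)

# Hypothetical crontab entry on the stealth machine:
#   */5 * * * * /usr/local/sbin/collect_drops.sh /mnt/drop /var/spool/inbox
if [ "$#" -eq 2 ]; then
    collect_drops "$1" "$2"
fi
```

Reading the source directory is what triggers the automount, so the job needs no explicit mount step. Mounting the drop directory with `nosuid,nodev,noexec` in the automount map limits what a dropped file can do before it is collected.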