Subject | RE: [ib-support] remote connectivity |
---|---|
Author | Brian K. Woods |
Post date | 2003-02-26T16:18:15Z |
Hi all,
Just a comment regarding Michael's response.
Michael, you wrote
M> the internet.
but then, you proceed to discuss how encrypting traffic using Zebedee would
help make the VPN speed better...
One can also use Zebedee or other traffic encryption methods over port 3050
tcp/ip.
If you were to do so, then your dismissal of the "open port 3050" method is
not valid, since
you wouldn't be sending unecrypted data over the net.
Also, there is an excellent article out there on one of the FB/IB related
sites where one of the FB/IB
gurus shows how to do what Zebedee does. The article includes a simple
tcp/ip client/server encryption demo written
in Delphi. However, unfortunately, I can't recall where I found it, and my
searches aren't turning it up...
If someone else knows of the article to which I refer and where to find it,
maybe
they could provide the link.
Of course, there is always still the argument that opening port 3050 could
leave
one open for attack, but so will _any_ other port (since they can scan for
open ports). So unless the firewall is
completely locked down (i.e. no pass-throughs, even port 80, etc), adding
one more port pass-thru isn't going to make you any less secure.
Regards,
Brian
Just a comment regarding Michael's response.
Michael, you wrote
> > performance is extremely slow. I have read a bunch ofM> this is indeed not a good idea since all traffic will go unencrypted over
> > articles that say to throw open port 3050 on the
> > firewall/router and map it to the database server port 3050.
M> the internet.
but then, you proceed to discuss how encrypting traffic using Zebedee would
help make the VPN speed better...
One can also use Zebedee or other traffic encryption methods over port 3050
tcp/ip.
If you were to do so, then your dismissal of the "open port 3050" method is
not valid, since
you wouldn't be sending unecrypted data over the net.
Also, there is an excellent article out there on one of the FB/IB related
sites where one of the FB/IB
gurus shows how to do what Zebedee does. The article includes a simple
tcp/ip client/server encryption demo written
in Delphi. However, unfortunately, I can't recall where I found it, and my
searches aren't turning it up...
If someone else knows of the article to which I refer and where to find it,
maybe
they could provide the link.
Of course, there is always still the argument that opening port 3050 could
leave
one open for attack, but so will _any_ other port (since they can scan for
open ports). So unless the firewall is
completely locked down (i.e. no pass-throughs, even port 80, etc), adding
one more port pass-thru isn't going to make you any less secure.
Regards,
Brian