351
edits
Changes
From SME Server
Jump to navigationJump to search→Security x
:shutdown
:shutdown
==Security x==
==Security==
===Remote access===
===Remote access===
====VPN / PPTP ====
====VPN / PPTP ====
* Pass
* Check functionality
:Set a number of PPTP clients in server manager and test remote access (repeatedly)
:Set a number of PPTP clients in server manager and test remote access (repeatedly)
====SSH====
====SSH====
*Pass - remote access from local network on port other than 22
Check the following:
*External user/password access denied (port 22 and other) when set to 'No access' or 'Local network' --PASS
*remote access from local network on port other than 22
*External user/password access allowed (port 22 and other) when set to 'Entire internet' --PASS
*External user/password access denied (port 22 and other) when set to 'No access' or 'Local network'
*External user/password access denied (port 22 and other) for root when 'allow administrative commandline' to 'No' --PASS
*External user/password access allowed (port 22 and other) when set to 'Entire internet'
*External user/password access allowed (port 22 and other) for user (if configured) when 'administrative commandline' to 'No' --PASS
*External user/password access denied (port 22 and other) for root when 'allow administrative commandline' to 'No'
*External user/password access denied (port 22 and other) when 'allow standard password' set to 'No' -PASS
*External user/password access allowed (port 22 and other) for user (if configured) when 'administrative commandline' to 'No'
*External certificate access denied (port 22 and other) for root when 'administrative commandline' to 'No' and 'allow standard password' set to 'No' -PASS
*External user/password access denied (port 22 and other) when 'allow standard password' set to 'No'
*External certificate access allowed (port 22 and other) for root when 'administrative commandline' to 'Yes' and 'allow standard password' set to 'No' -PASS
*External certificate access denied (port 22 and other) for root when 'administrative commandline' to 'No' and 'allow standard password' set to 'No'
*External certificate access allowed (port 22 and other) for user (if configured) when 'administrative commandline' to 'No' and 'allow standard password' set to 'No' -PASS
*External certificate access allowed (port 22 and other) for root when 'administrative commandline' to 'Yes' and 'allow standard password' set to 'No'
*External certificate access allowed (port 22 and other) for user (if configured) when 'administrative commandline' to 'Yes' and 'allow standard password' set to 'No' -PASS
*External certificate access allowed (port 22 and other) for user (if configured) when 'administrative commandline' to 'No' and 'allow standard password' set to 'No'
*External certificate access allowed (port 22 and other) for user (if configured) when 'administrative commandline' to 'Yes' and 'allow standard password' set to 'No'
====FTP====
====FTP====
* Ftp access allowed for Primary, ibays and users when access set to 'Allowe access ...' -PASS
* Ftp access allowed for Primary, ibays and users when access set to 'Allowe access ...'
* Ftp access refused for Primary, ibays and users when access set to 'No Access' -PASS
* Ftp access refused for Primary, ibays and users when access set to 'No Access'
===Local Networks x===
===Local Networks===
Comment:
===Port forwarding===
===Port forwarding===
Check the following scenario
server gateway - PASS
* server gateway
Comment: i.e. tested successfully with port 3389 (RDP) to WIndows terminal server on LAN
server only - pass
* server only
"This server is currently in serveronly mode and portforwarding is not possible."
Comment: i.e."This server is currently in server-only mode and portforwarding is not possible."
===Proxy settings===
===Proxy settings===
====Mail====
====Mail====
*Smtp proxy enabled - PASS
*Smtp proxy enabled
Test with Thunderbird client - Email delivery works and the headers clearly show that the local smtp server has been used for the delivery rather the smtp that was setup in the email client
Comment: i.e. Test with Thunderbird client - Email delivery works and the headers clearly show that the local smtp server has been used for the delivery rather the smtp that was setup in the email client
*Smtp proxy disabled - PASS
*Smtp proxy disabled
Follow up test to above with the same Thunderbird configuration - this time the intended, external smtp server has been used for the delivery and NOT the local smtp server.
Comment: i.e. Follow up test to above with the same Thunderbird configuration - this time the intended, external smtp server has been used for the delivery and NOT the local smtp server.
====Web====
====Web====
Check the following:
* net access via the squid proxy works
* net access is disabled via squid proxy if disabled
net access is disabled via squid proxy if disabled
==Configuration ==
==Configuration ==
