
[LDM #ZYU-864541]: Inside firewall to outside LDM initiation


> Thanks for the reply.  While I completely agree with you on the security of 
> the LDM system, the Air Force Information Assurance folks have a habit of not 
> taking history into account, only 'rules'.  We will see.

Are connections to port 80 (the web server) allowed? If so, then that's a 
*much* greater risk than a connection to an LDM server's port 388.

As a part of a parallel effort that is going on here we are working on an 
SSH-tunnel based authentication scheme that we are going to be tasked to apply 
to 'external' LDM clients/servers.  You may remember some traffic on that from 
a few months ago.  If the inbound nature of LDM 'bothers' them, maybe that will 
add enough security that they will not fight too much over it.

Encrypting the traffic on an LDM connection is beyond the scope of the LDM 

The reason I believe an LDM server can't become an attack vector is because the 
LDM protocol doesn't support acting on arbitrary requests (the protocol is 
tightly prescribed) and because the LDM server forks a child process to handle 
each incoming request, crashing that process won't accomplish anything.

> Thanks again for the information and I will keep y'all up to date on how all 
> this plays out.

Appreciate it.

> Brice
> Brice Biggerstaff
> JSC Weather Decision Support System
> MIDDS Software Support
> 281-853-3011 (w)
> 713-764-2601 (p)
> address@hidden  (alpha pager for text and email)
> Res Confacti Erimus
> “We Get Things Done!”

Steve Emmerson

Ticket Details
Ticket ID: ZYU-864541
Department: Support LDM
Priority: Normal
Status: Closed

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.