[Arm-saqs] FW: OC4J application Demo port

Kirkpatrick, Ivan Ivan.Kirkpatrick@dep.state.fl.us
Fri, 17 Jun 2005 13:19:40 -0400


>  -----Original Message-----
> From: 	Kirkpatrick, Ivan
> Sent:	Friday, June 17, 2005 1:12 PM
> To:	Casey, Travis; Java Team; Middle Tier Oracle
> Cc:	'arm-saqs2@lists.dep.state.fl.us'; 'arm-pars@lists.dep.state.fl.us';
> 'waste-first@lists.dep.state.fl.us'
> Subject:	RE: OC4J application Demo port
>
> Travis & Casey
>
> Per the meeting, the JHS Integration server, epic52, to suit the
> requirements of the WasteFirst project will require web services on port 80
> and so will need to be opened to the internet so they can develop their
> tests.
>
> Apache on port 80 needs to be shifted to port 81 to prevent exposing the
> JHS website and all of the project's maven generated websites to the public
> at large.
>
> A subsequent request will include appropriate monitoring and intrusion
> detection software installed on epic52 similar to what is already in place
> on epic229/228.  This is to allow for opening SSH access to the epic52
> server for specific IP addresses only.
>
> Charles,
>
> I would like to have the following containers on epic52 shifted to port
> 8001 in lieu of the default 7778.  Saqs1, Saqs2 and ParsDemo.  Please let
> me know when this is complete.
>
>  -----Original Message-----
> From: 	Casey, Travis
> Sent:	Friday, June 17, 2005 12:41 PM
> To:	Kirkpatrick, Ivan; Java Team
> Subject:	RE: OC4J application Demo port
>
> Answers interspersed below...
>
> 	 -----Original Message-----
> 	From: 	Kirkpatrick, Ivan
> 	Sent:	Friday, June 17, 2005 12:15 PM
> 	To:	Java Team
> 	Subject:	OC4J application Demo port
>
> 	Please open port 8001 if possible on epic52 for Internet access of
> applications that will be used for demo purposes.
>
> 	[Casey, Travis]  Sent off to Hayes.
>
> 	Please stop the Apache web server, change the default listening port
> from 80 to 81 and restart the Apache.
>
> 	[Casey, Travis]  Question -- why?  Port 80 already isn't open to the
> Internet, moving it to 81 isn't really going to make it any more secure...
>
> 	Ensure port 81 is not open to the internet.
>
> 	[Casey, Travis]  It's not.  In fact, at this point, no ports on
> epic52 are open to the Internet, though 8001 will be once Hayes processes
> the request above.
>
> 	Please change permissions on all data-sources.xml files to be
> readable by the oracle account and related project groups only.  Other
> users should not be able to read the data-sources.xml files.  Note that
> these files are located in several places for each application.
>
> 	[Casey, Travis]  Done.  Permissions have been set to 660 for all
> data-sources.xml files (owner and group can read and write).
>
> 	Please create a matrix for each of the servers in the JHS, epic52,
> 228 & 229 that lists the ports with firewall penetrations.  Email me the
> matrix when it is complete.
>
> 	[Casey, Travis]  If you're looking for only the outside -> DMZ holes,
> they are:
>
> 	epic52:  none (will have 8001 soon)
>
> 	epic227:  7777
>
> 	epic228:  7777
>
> 	epic229:  7777
>
> 	If you want DMZ -> inside holes as well, I can get you a list.
>
> 	Ivan S Kirkpatrick
>
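
The data-sources.xml request in the thread (no access for other users, with copies of the file in several places per application) can be checked and enforced with a short script. This is an added example, not part of the original thread; the directory tree is constructed because the thread does not give the real OC4J paths, and owner/group names are not checked.

```shell
#!/bin/sh
# Added example: audit and tighten data-sources.xml permissions under a tree.
# The sample tree is constructed; real OC4J paths are not given in the thread.

# Print every data-sources.xml under $1 that grants any permission to "other".
find_exposed() {
    find "$1" -type f -name data-sources.xml \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Set mode 660 (owner and group read/write, nothing for other) on each
# exposed file, then print how many files are still exposed (0 on success).
tighten() {
    find_exposed "$1" | while IFS= read -r f; do
        chmod 660 "$f"
    done
    find_exposed "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree with the same file name in several places
# per application, two of them readable by other users.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/app1/config" "$root/app1/deploy" "$root/app2/config"
    for d in app1/config app1/deploy app2/config; do
        echo '<data-sources/>' > "$root/$d/data-sources.xml"
    done
    chmod 660 "$root/app1/config/data-sources.xml"   # already correct
    chmod 664 "$root/app1/deploy/data-sources.xml"   # other can read
    chmod 644 "$root/app2/config/data-sources.xml"   # other can read
    echo "$root"
}

sample=$(make_sample_tree)
echo "exposed before:"
find_exposed "$sample"
echo "still exposed after tighten: $(tighten "$sample")"
rm -rf "$sample"
```

Re-running find_exposed after any redeploy catches copies of the file that were recreated with default permissions.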