[Waste-first] RE: OC4J application Demo port
Kirkpatrick, Ivan
Ivan.Kirkpatrick@dep.state.fl.us
Fri, 17 Jun 2005 13:11:44 -0400
Travis & Casey
Per the meeting, the JHS Integration server, epic52, to suit the
requirements of the WasteFirst project will require web services on
port 80 and so will need to be opened to the internet so they can
develop their tests.

Apache on port 80 needs to be shifted to port 81 to prevent exposing
the JHS website and all of the project's maven generated websites to
the public at large.

A subsequent request will include appropriate monitoring and intrusion
detection software installed on epic52 similar to what is already in
place on epic229/228. This is to allow for opening SSH access to the
epic52 server for specific IP addresses only.

Charles,
I would like to have the following containers on epic52 shifted to
port 8001 in lieu of the default 7778. Saqs1, Saqs2 and ParsDemo.
Please let me know when this is complete.

> -----Original Message-----
> From: Casey, Travis
> Sent: Friday, June 17, 2005 12:41 PM
> To: Kirkpatrick, Ivan; Java Team
> Subject: RE: OC4J application Demo port
>
> Answers interspersed below...
>
> -----Original Message-----
> From: Kirkpatrick, Ivan
> Sent: Friday, June 17, 2005 12:15 PM
> To: Java Team
> Subject: OC4J application Demo port
>
> Please open port 8001 if possible on epic52 for Internet access of
> applications that will be used for demo purposes.
>
> [Casey, Travis] Sent off to Hayes.
>
> Please stop the Apache web server, change the default listening port
> from 80 to 81 and restart the Apache.
>
> [Casey, Travis] Question -- why? Port 80 already isn't open to the
> Internet, moving it to 81 isn't really going to make it any more
> secure...
>
> Ensure port 81 is not open to the internet.
>
> [Casey, Travis] It's not. In fact, at this point, no ports on
> epic52 are open to the Internet, though 8001 will be once Hayes
> processes the request above.
>
> Please change permissions on all data-sources.xml files to be
> readable by the oracle account and related project groups only.
> Other users should not be able to read the data-sources.xml files.
> Note that these files are located in several places for each
> application.
>
> [Casey, Travis] Done. Permissions have been set to 660 for all
> data-sources.xml files (owner and group can read and write).
>
> Please create a matrix for each of the servers in the JHS, epic52,
> 228 & 229 that lists the ports with firewall penetrations. Email me
> the matrix when it is complete.
>
> [Casey, Travis] If you're looking for only the outside -> DMZ holes,
> they are:
>
> epic52: none (will have 8001 soon)
>
> epic227: 7777
>
> epic228: 7777
>
> epic229: 7777
>
> If you want DMZ -> inside holes as well, I can get you a list.
>
> Ivan S Kirkpatrick