Hi List!

I would like to hear your opinion on our fileserver installation, as I see a big difference between the de facto installations and the ones described in security how-tos and lists. As far as I can see, most university networks consist of computers with valid IPs directly connected to the net. These are Suns, PCs and Macs, with their own file services. I understand that this is dangerous. On the other hand, how-tos and lists talk about DMZs, firewalls and very few protocols on the internet. So, following the advice, every network seems to need a "secure" side for the clients, and a DMZ for every server visible to the outside, and a lot of filters...

I have to install a fileserver in a university network. We have our own local net, with a lot of clients, and the existing server behind our firewall (most of the network machines have SuSE Linux here, some are Solaris-based). But as the university has a lot of networks, I have to allow access to the server from the outside now. And there are all those platforms and protocols which need access... AppleShare/IP, SMB, FTP (what do you think about these protocols and security?). So the fileserver, which usually should be kept secure, is jumping into what should be the DMZ...

I am considering opening the ports for SMB and AppleShare on the firewall with the server as destination now. I only allow encrypted passwords on AppleShare and SMB. I close everything else. In fact, I know that a server in the DMZ would be better, but then I would have to install one more machine, mount the directories to export via NFS :-( etc... and keep an eye on a lot of firewalls. So in my opinion, it's the best solution to have a SIMPLE configuration (with fewer misconfigured services). And as I told you, if I compare with other networks, we still take a lot of care with our security.

Anyway, I would like to hear your opinion, as this seems to be quite a common problem - universities don't have the possibility to maintain too complex installations, and on the other hand, everybody is working over the net here.

Thank You,
CU,
Lars.