Firewall issues

Before installing the shipping server on an exposed host, consider that the storage bays may be filled, packets are susceptible to snooping, and other servers can be accessible.
  • Storage bays can be filled.

    Using the shipping server on an exposed host enables anyone coming in from the network to fill storage bays on the local network, on any machine where a shipping server is available. To avoid full disks and the related problems:

    • Create all storage bays in the local network on their own partitions, so that filling the bays does not degrade system performance.
    • Install the shipping server only on machines that need it: synchronization servers and machines used by administrators.
  • Packets are susceptible to snooping.

    In normal update packets, information is not encoded. Therefore, anyone shipping packets across an unsecured network must encrypt the packets. Also, the format of an update packet is not very complicated; a dedicated programmer could figure out the format and create a packet with operations that damage a schema repository or user database. Encrypting the data makes this kind of attack much more difficult.
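
One way to audit the recommendation to keep storage bays on their own partitions, as an added example that is not part of the original documentation: it reports when a bay directory shares a filesystem with paths the system depends on, or when that filesystem is nearly full. The function name `audit_bay`, the list of critical paths and the 10% free-space threshold are assumptions chosen for illustration.

```python
import os
import shutil
import tempfile

# Assumed list of paths that should never fill up because a bay did.
CRITICAL_PATHS = ["/", "/var", "/home"]


def audit_bay(bay_path, critical_paths=CRITICAL_PATHS, min_free_fraction=0.10):
    """Return a list of findings for one storage bay directory.

    A bay that lives on the same filesystem as a critical path can take
    that path down with it when someone floods the bay with packets.
    """
    findings = []
    bay_dev = os.stat(bay_path).st_dev  # device ID of the bay's filesystem

    for path in critical_paths:
        if os.path.exists(path) and os.stat(path).st_dev == bay_dev:
            findings.append(f"{bay_path} shares a filesystem with {path}")

    usage = shutil.disk_usage(bay_path)
    # Some pseudo-filesystems report a total of 0; skip the ratio there.
    if usage.total and usage.free / usage.total < min_free_fraction:
        pct = 100 * usage.free / usage.total
        findings.append(f"{bay_path} filesystem has only {pct:.1f}% free")

    return findings


if __name__ == "__main__":
    # Constructed sample: a temporary directory stands in for a storage bay.
    # It sits on the same filesystem as its parent, so the audit flags it.
    with tempfile.TemporaryDirectory() as parent:
        bay = os.path.join(parent, "bay")
        os.mkdir(bay)
        for finding in audit_bay(bay, critical_paths=[parent]):
            print("WARNING:", finding)
```

Run it against each real bay directory on every host that runs a shipping server; an empty result means the bay is isolated from the listed paths and has free space above the threshold.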