Ever heard of security? No, me neither. I start to jump up and down if people use firewalls for the wrong purposes! Now a lot of people might get mad at me, but my vision is that a firewall is stupid! How's that? Let me explain a firewall first. This piece of software won't protect your network/system if you don't know what it's doing, period. On any networked system, you should know what ports you use and why, what protocols you use and again why. If you know this, you don't need a firewall to protect your servers, you might need it to protect your clients. If you don't know, or follow the masses, you end up screwed, just like most Windows users. They mostly don't know what's open and what's not, even worse, if they do know, they don't know how Windows will react to any given response. But hey, we are not here to educate the Windows crowd, it's OS/2 security we need. Hard to get? No!

First of all, figure out what kind of network you need. Local lan? Internet lan? (don't know much about that :-) Let me say this first, NetBIOS over TCP/IP is about the most stupid thing you can use, as it requires a firewall or strong passwords and userid's. Safety is hard to get when you connect your system to the internet with this protocol.

If you need Netbios, use it native! It can't be routed, so you won't need a firewall to be secure.

When you use a Linux (or Unix) box in your network, I hear you thinking "SAMBA", well forget Samba....it's NFS you want! Now we are getting to where we want to be, in fact where this months article is all about: NFS and security!

OS/2 Warp Server for eBusiness has this protocol as do all Unix (Linux) boxes. You really want this protocol, as it's easy to use. Remember I told you last time, Unix boxes don't like my dirty DHCP way. Well here comes why it doesn't matter: Just tell OS/2 NFS that it should accept only your static IP (e.g. 10.0.0.20) for requests. The fun part is that it won't respond to any other request than ones from the static IP you gave, no firewall or anything else is needed. Remember 10.x.x.x or the two other private IP ranges can't be routed over the net!

Security with OS/2 is so simplistic, it's a challenge to put it online and see if they can hack it. I've dared a lot of hackers already, and so far none have managed to get in, with the exception of abusing my Squid proxy due to my mistake (see the squid proxy article) but they haven't gotten into my system so far! Any candidates to give it a try? (John you are excluded!) I will send a bottle of Belgium's finest beer to the first that manages to get root access and tells me how he did it :-) To give a hint, my server is at www.heppen.be

I tried to put all my Windows clients on NFS, well you best forget about doing so, they don't work the way they should and damage files if they are transferred the wrong way. Only OS/2 is able to recognize the right file type to and from Unix boxes. Windows and OS/2 stations best work together with native NetBIOS, as long as you set the NBF registry for Windows to this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbf\Parameters]

"MaximumIncomingFrames"=dword:00000001

This matches OS/2's settings and gives the highest speeds.

Getting security is nothing more the using the right protocol for the right purpose and knowing what you are doing. Do a portscan on your own system and find out. OS/2 is pretty secure, heck I've never seen it on hack lists so far, but you do need to know what you are doing.

Putting NetBios over TCP/IP online is stupid, they have plenty time to hack it if you have ADSL or Cable. Give your system the attention in deserves and you never get hacked. BTW most hacks come from the inside not the outside, and a firewall won't help you there either, no sir!

A little tip for the Windows users under us, turn off NetBIOS over TCP/IP! It will make it so much more secure :-)

That's it for this time, have fun with NFS, there isn't really much more to say about it, it's simple and easy to setup under OS/2, just run TCPCFG2 and there you have it :-)