rt

Isolating ScrumWorks to the LAN so it doesn't pose a security risk

I set up an old PC with ScrumWorks Basic to do some testing and I'd like to be able to access it on my LAN. I would use VPN to access it from outside the office, so I just want to make sure that I'm not creating a problem, since that PC is connected to the internet. I'm a bit of a geek but I'm far from a super IT security pro...

I just want to make sure by connecting my ScrumWorks server PC to the corporate network I'm not going to create a vulnerability for our organization. I'm willing to read on my own and do my homework but hopefully someone can point me in the right direction. Thanks!

  • rt
    I've been wondering if I phrased this question properly or not. In an effort to clarify and hopefully get some kind of response:

    I'm assuming that most people set up ScrumWorks in an office environment and connect the ScrumWorks server to the LAN so their team can access it. If so, what measures do people take to ensure that computer does not pose a security risk? Any tips on configuring the firewall etc. would be appreciated. Sorry to ask a dumb question; I'm more of a project management person than IT.

  • Hi rt,

    You might look at running ScrumWorks Basic behind Apache. The information we have on that is available here: http://community.danube.com/danube/to...

    ScrumWorks Basic as a security problem isn't something I can really speak to. I haven't heard anything about that in the past. Unfortunately because it is an unsupported product I just don't have an answer for that.

    I can tell you that the data within the ScrumWorks Basic server won't be as secure as in ScrumWorks Pro, however. The Pro tool does have a focus on security, whereas the Basic tool was constructed before security was a concern.

    As an example, the passwords within Basic are unencrypted. I don't expect that would translate to being a security hole for your company (considering you have to VPN into your corporate network to access Basic), but if you are concerned you will want to speak to your network administrator.

  • If you're running behind a regular corporate firewall, you should be covered. Make sure all the JBoss ports are firewalled off. A list of ports, and other security measures, are listed here:
    http://community.jboss.org/wiki/Using...

  • rt
    This is great information. I had originally locked down port 8080 to two specific IPs on my local network but I forgot about JBoss. I will look at that next, but I think before I open this up to more people for evaluation I'll probably want to set up a dedicated Linux server with Apache. It will be a good learning experience for me and I can do that part at home on the cheap.

    Thanks guys!

  • rt
    I started the ScrumWorks service and ran netstat -ano to see what ports were open and I found about 8 that matched the ScrumWorks process ID. The funny thing is I only have one exception in the firewall and everything still works on the machines I have allowed to access 8080. I'll have to look into it to see if it's better to add an exception for these other seven ports or leave well enough alone. I'm guessing I should probably have as few exceptions as necessary until I run into a blocked port message. Maybe these ports are just used on the localhost to talk between JBoss and ScrumWorks? As for all of the extra ports that are listed in the JBoss wiki, I'm guessing those are for features that are not being used in the ScrumWorks implementation.
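
The port check described in the last post, as an added example that is not from any poster or from ScrumWorks: it parses `netstat -ano` output, keeps the listening sockets of one process ID, and separates loopback-only ports from ports bound on all interfaces, comparing the latter with the firewall exception list. The sample output, PID 2316 and every port other than 8080 are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output; PID 2316 and all ports except 8080 are invented.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2316
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       2316
  TCP    127.0.0.1:1098         0.0.0.0:0              LISTENING       2316
  TCP    127.0.0.1:1099         0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:8080      192.168.1.31:50122     ESTABLISHED     2316
  TCP    [::]:8080              [::]:0                 LISTENING       2316
  UDP    0.0.0.0:500            *:*                                    4
"""

def listeners(netstat_text, pid):
    """Return sorted (port, bind_address) pairs that `pid` holds in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; UDP rows have no State column and are skipped here.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING" or f[4] != str(pid):
            continue
        addr, _, port = f[1].rpartition(":")
        found.add((int(port), addr.strip("[]")))  # strip brackets from IPv6 literals
    return sorted(found)

def classify(netstat_text, pid, allowed_ports):
    """Bucket a process's listening ports by bind address and firewall exception list."""
    report = {"loopback_only": set(), "allowed": set(), "exposed_unlisted": set()}
    for port, addr in listeners(netstat_text, pid):
        if ipaddress.ip_address(addr).is_loopback:
            report["loopback_only"].add(port)
        elif port in allowed_ports:
            report["allowed"].add(port)
        else:
            report["exposed_unlisted"].add(port)
    # A port bound on both loopback and a routable address counts as reachable.
    report["loopback_only"] -= report["allowed"] | report["exposed_unlisted"]
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for bucket, ports in classify(SAMPLE, 2316, {8080}).items():
        print(f"{bucket}: {ports}")
```

Ports in `loopback_only` never need a firewall exception. Ports in `exposed_unlisted` listen on every interface and are unreachable from the LAN only because the host firewall has no exception for them.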