This is a necessary risk, as you must allow clients to directly connect to the Jabber server. One of the most valuable services that Jabber servers offer clients is that it allows two clients to exchange messages while both remain safely behind their own firewall. This would be impossible if the clients needed to connect directly with each other. Overcoming firewalls for direct C2C communications is one of the major obstacles to creating practical implementations of the out-of-band pro- tocol in chapter 4. 9 Firewalls are just the beginning of the tools you can use to protect your Jabber server from electronic attacks. Once again, if you are planning on running a com- mercial Jabber server, an investment in the services of a network security engineer will be money well spent. There is also a wide variety of excellent books on network security that address the generic issues facing servers on the Internet. A good place to start is Practical Unix & Internet Security by Garfinkle and Spafford and Building Internet Firewalls by Chapman and Zwicky (both by O’Reilly & Associates). Deploying a Jabber server tends to get more difficult as the number of users and potential attackers increase. On the one extreme is a server that is connected directly to the Internet and services users from anywhere on the Internet. However, many of these issues are not significant if your network is small and well-protected. For example, the Java server presented in this book can be deployed as a stan- dard Java application on a protected small-business (20-person) LAN without the need for firewalls, fancy DNS setups, or routers. It is unlikely that your employees will try to hack into your Jabber server, and the number of users on your system will probably never exceed the capabilities of your server’s machine. In addition, 9 The (PASS – Proxy Accept Socket Service) is a proposed Jabber standard to allow the server to assist clients in transferring out-of-band data between clients behind firewalls. Firewall Jabber client Jabber server Internet port 5222 Intranet This is a necessary risk, as you must allow clients to directly connect to the Jabber server. One of the most valuable services that Jabber servers offer clients is that it allows two clients to exchange messages while both remain safely behind their own firewall. This would be impossible if the clients needed to connect directly with each other. Overcoming firewalls for direct C2C communications is one of the major obstacles to creating practical implementations of the out-of-band pro- tocol in chapter 4. 9 Firewalls are just the beginning of the tools you can use to protect your Jabber server from electronic attacks. Once again, if you are planning on running a com- mercial Jabber server, an investment in the services of a network security engineer will be money well spent. There is also a wide variety of excellent books on network security that address the generic issues facing servers on the Internet. A good place to start is Practical Unix & Internet Security by Garfinkle and Spafford and Building Internet Firewalls by Chapman and Zwicky (both by O’Reilly & Associates). Deploying a Jabber server tends to get more difficult as the number of users and potential attackers increase. On the one extreme is a server that is connected directly to the Internet and services users from anywhere on the Internet. However, many of these issues are not significant if your network is small and well-protected. For example, the Java server presented in this book can be deployed as a stan- dard Java application on a protected small-business (20-person) LAN without the need for firewalls, fancy DNS setups, or routers. It is unlikely that your employees will try to hack into your Jabber server, and the number of users on your system will probably never exceed the capabilities of your server’s machine. In addition, 9 The (PASS – Proxy Accept Socket Service) is a proposed Jabber standard to allow the server to assist clients in transferring out-of-band data between clients behind firewalls. Firewall Jabber client Jabber server Internet port 5222 Intranet . Jabber server from electronic attacks. Once again, if you are planning on running a com- mercial Jabber server, an investment in the services of a network security engineer will be money well spent. There. Jabber server from electronic attacks. Once again, if you are planning on running a com- mercial Jabber server, an investment in the services of a network security engineer will be money well spent. There. server’s machine. In addition, 9 The (PASS – Proxy Accept Socket Service) is a proposed Jabber standard to allow the server to assist clients in transferring out-of-band data between clients behind firewalls. Firewall Jabber client Jabber server Internet port