Security Basics mailing list archives
RE: Question about firewalls.
From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Sat, 24 May 2003 01:27:31 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am about to move into a new apartment, and am taking the opportunity to rethink the way I have my private network set up.
Given what you go on to describe in your post, I recommend you go with a DMZ setup and separate your services from your firewall. In general, running public services like mail and web on the same box as your firewall is a *bad* idea, but sometimes it's all you can do. Since you have other machines, however, I think it's time you get away from that configuration. The reason it's a bad idea to run services on a firewall (especially mail and web) is because they are the means by which machines are exploited, and once this has happened they have your firewall and free reign of your network. Check out my article on neworder.box.sk about setting up a DMZ - it applies to your situation well. http://neworder.box.sk/newsread.php?newsid=7326 That configuration, with one box in the DMZ running your public services, will give you a highly decent amount of Security while staying equally functional. If you have any questions, let me know and I'll try and help. Regards, - -danielrm26 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBPs8CulJwf7WiYT5vEQJQoQCggtNKpI7y7sEZiWQgIiHX4KBAS6YAmgO2 qlS4Ek+RQTSmRzFkERNq/4WL =JxM3 -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics ----------------------------------------------------------------------------
Current thread:
- Question about firewalls. Allan Schon (May 22)
- <Possible follow-ups>
- Re: Question about firewalls. Chris Berry (May 23)
- RE: Question about firewalls. Daniel R. Miessler (May 26)
- Re: Question about firewalls. khayes (May 23)