WebApp Sec mailing list archives
Re: What is more secure?
From: Alvin Oga <alvin.sec () Virtual Linux-Sec net>
Date: Sun, 27 Feb 2005 14:55:22 -0800
hi ya tomas

On Thu, Feb 24, 2005 at 11:05:08AM +0200, Tomas wrote:
> I'd like to ask you, as guys who know a lot about security, this question: what is more secure when dealing with web servers and public IPs. Is it more secure to give all of your public IPs directly to a web server and filter traffic with a firewall, or is it better to give all public IPs to a firewall and only redirect http and https ports to an internal web server?

which is more secure ... neither ... it depends on the rest of the system and network config and how you use the servers

some people's firewall is uselessly insecure, since it allows all the traffic from everywhere/anywhere into the servers it's trying to protect

if your firewall is say PIX or checkpoint, it'd probably be more secure if it's properly configured ( less things it can do wrong, other than you turning everything to be allowed )

if the firewall is linux or *bsd based, it'd probably be just as insecure as your linux based webserver, though *bsd fw will be more secure than linux using the same set of firewall rules

the problem is you will need to harden your webserver and linux-based firewall

and if your customers are ecommerce websites, you should hire professional security folks with liability insurance to fix the problems per your budget and specs

if the website can go down for a day or two and no loss of personal data, then it doesn't matter if it gets hacked, just need to learn why/how they got in

lots of issues .. there is no clear answer of which is more secure

a system is more secure if it is secure by itself and does NOT depend on a firewall .. and you have data stored ( backed up ) at least 3 other places

a network is more secure if you assume that the hacker/cracker is inside your network, in the firewall, and you protect your remaining servers and protect your data, knowing the cracker is inside your network

how you make things secure, depends on how you allow data to be moved from one machine to another

c ya
alvin