Security Basics mailing list archives
Re: Firewall on server itself
From: Volker Kindermann <bugtraq () secspace de>
Date: Wed, 25 Jun 2003 19:23:03 +0200
I am trying to set up a secure web server which will already be protected by a dedicated harware firewall. The hardware firewall will be configured to protect the web server as well other computers on the network. The web server will be running Red Hat 9.0. Is there any reason to install and configure firewall software such as IPTables on the web server itself? Are there any advantaqes or disadvantages to having two firewalls set up this way?
Regarding one of the security principles (defense in depth) it will be an advantage if you configure some iptables rules on this box. Imagine the case that your hardware-firewall has a security flaw and is cracked by an attacker. Then you'll have still the iptables-protection. This is not true, if the hardware firewall is built upon a linux system and uses iptables, too. -volker --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Firewall on server itself Anish Basu (Jun 25)
- Re: Firewall on server itself Brad Arlt (Jun 26)
- Re: Firewall on server itself Volker Kindermann (Jun 26)
- Re: Firewall on server itself Michael P (Jun 26)
- Re: Firewall on server itself Ansgar Wiechers (Jun 26)
- RE: Firewall on server itself Firegoblin Postmaster (Jun 26)
- Re: Firewall on server itself Mitch Pirtle (Jun 26)
- <Possible follow-ups>
- Re: Firewall on server itself Justin Pryzby (Jun 26)
- RE: Firewall on server itself DeGennaro, Gregory (Jun 26)
- RE: Firewall on server itself Gene LeDuc (Jun 26)
- Re: Firewall on server itself chris (Jun 26)
- RE: Firewall on server itself Depp, Dennis M. (Jun 26)
- Re: Firewall on server itself Ivan Coric (Jun 26)
(Thread continues...)