Security Basics mailing list archives
Re: Firewall on server itself
From: chris <chris09 () comcast net>
Date: 25 Jun 2003 19:22:49 -0000
In-Reply-To: <Pine.SOL.4.10.10306250223530.25691-100000 () remus rutgers edu>

Yes this is a good idea. I don't know how your hardware firewall is set up, but I assume it's port-forwarding capable seeing as you have a web server behind it. If you have additional ports opened up this may allow someone to compromise a machine on the inside. From this machine the web server can be compromised. It's a good idea to slap on even a light firewall blocking unnecessary traffic to the web server. Just as a precaution.

--chris
Date: Wed, 25 Jun 2003 02:24:46 -0400 (EDT)
From: Anish Basu <anishb () remus rutgers edu>
To: security-basics () securityfocus com
Subject: Firewall on server itself
Message-ID: <Pine.SOL.4.10.10306250223530.25691-100000 () remus rutgers edu>
I am trying to set up a secure web server which will already be protected
by a dedicated hardware firewall. The hardware firewall will be configured
to protect the web server as well as other computers on the network. The
web server will be running Red Hat 9.0. Is there any reason to install
and configure firewall software such as IPTables on the web server itself?
Are there any advantages or disadvantages to having two firewalls set up
this way?
Thanx in advance for any help.
*************************************************************
Anish Basu (anishb () eden rutgers edu)
Chair Events and Programming
Co-Chair Internet Security
USACS, Undergraduate Student Alliance of Computer Scientists
http://usacs.rutgers.edu
*************************************************************
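
A light host firewall of the kind suggested in the reply above, for the web server described in the question. This is an added example, not part of either message: the function name `gen_rules`, the SSH admin port, and the admin subnet `192.0.2.0/24` (a documentation range) are assumptions.

```shell
#!/bin/sh
# Emits an iptables-restore ruleset for a web server that already sits behind
# a perimeter firewall. Default-deny inbound, so a compromised machine on the
# inside network can reach only the services the server is meant to offer.

gen_rules() {
    net=$1   # assumption: the only subnet allowed to reach SSH
    # Refuse anything that is not digits, dots and a slash, so a bad
    # argument cannot smuggle extra text into the ruleset.
    case "$net" in
        ""|*[!0-9./]*) echo "bad admin subnet: $net" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# Replies to connections the server itself opened.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The published services: HTTP and HTTPS from anywhere.
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# SSH only from the admin subnet, not from every host on the LAN.
-A INPUT -p tcp -s $net --dport 22 -m state --state NEW -j ACCEPT
# Rate-limited log of whatever is about to hit the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Print the ruleset; review it, then load it as root with:
#   sh thisscript.sh 192.0.2.0/24 | iptables-restore
gen_rules "${1:-192.0.2.0/24}"
```

The log rule gives a record of inside hosts probing ports that the perimeter firewall never sees.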
