Security Basics mailing list archives
Re: Firewall on server itself
From: "Craig Janssen" <cjanssen () mail millikin edu>
Date: Thu, 26 Jun 2003 13:18:16 -0500
Normally what I do (this applies to *nix servers as well as Win2k servers, which have IP security policies that essentially function as a built-in firewall) is I allow connections in on the services the server is meant to provide to the public (i.e. port 80 and 443 for web servers) and block everything else, unless the origin IP is in the same subnet as the rest of your servers, in which case it might make sense to allow more ports through so you can do backups, file transfers and whatnot between servers.

Craig

______________________________
Craig Janssen, MCP, A+
Network and Internet Services Manager
Millikin University Information Technology Dept
(217) 362-6488
cjanssen () mail millikin edu

Justin Pryzby <justinpryzby () users sf net> 06/25/03 10:38AM >>>
Sure, you could set up the hardware firewall to do general purpose filtering (don't pass malicious icmp, block the virus-of-the-day port, etc) and then set the individual hosts' firewalls to do things like "allow only established connections and connections to tcp:80, plus connections to tcp:22 from privileged hosts". That one would make sense for your webserver.

Justin

On Wed, Jun 25, 2003 at 06:34:02PM +0000, Anish Basu wrote:
...
Are there any advantages or disadvantages to having two firewalls set up this way? Thanx in advance for any help.
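
The host-level policy discussed in this thread (block by default, allow established connections, tcp:80 and 443 from anyone, tcp:22 only from privileged hosts, extra ports only from the server subnet), written out as an added example that is not part of any poster's message. The addresses, the function names and the choice of port 873 for backups are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a web server's own firewall.
# Addresses used below are constructed sample values, not from the thread.

# is_cidr ADDR: shape check for IPv4 with optional /prefix. Anything containing
# a character other than digits, '.' or '/' (spaces, newlines, ';') is refused,
# so a value can never smuggle extra rule text into the output.
is_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# host_ruleset SERVER_SUBNET ADMIN_HOST...
# Validates every argument before printing anything, so a bad value yields
# no partial ruleset.
host_ruleset() {
    [ $# -ge 1 ] || { echo "usage: host_ruleset SUBNET [ADMIN...]" >&2; return 1; }
    subnet=$1
    shift
    for addr in "$subnet" "$@"; do
        is_cidr "$addr" || { echo "refusing address: $addr" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # block everything not allowed below
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # RELATED is added alongside ESTABLISHED so ICMP errors for open flows pass.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in 80 443; do        # services offered to the public
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    for admin in "$@"; do         # tcp:22 only from privileged hosts
        echo "-A INPUT -p tcp -s $admin --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Extra port for the server subnet only; 873 (rsync) is an assumed backup port.
    echo "-A INPUT -p tcp -s $subnet --dport 873 -m conntrack --ctstate NEW -j ACCEPT"
    echo 'COMMIT'
}

# Print the ruleset for a sample subnet and one admin host. To syntax-check it
# without loading it (as root): host_ruleset ... | iptables-restore --test
host_ruleset 10.0.5.0/24 192.0.2.10
```
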