Security Basics mailing list archives
Re: About Operating Systems security
From: "yannick'san" <yannicksan () free fr>
Date: Wed, 28 May 2003 20:40:53 +0200
I'm completly agree with you... In fact, I forgot to mention that here, all I do is in a model environment and once everything will be written, studied and aproved, I will start thinking about plugging it on a the network and this time I won't have all my eggs in the same bag. Thanks, -Yannick ------------------------------------------------- Well, it's generally accepted practice that a firewall should be the only application running on the firewall box: adding a webserver and database opens up two additional areas for a hacker to exploit and gain root access. Databases are exceptionally problematical: remote procedure calls are the LAST thing you want on a firewall. Keep your webserver and database server BEHIND the firewall. If you can do no other solution, get a hardware firewall unit and run your web and DB on a separate box. The nice thing about using Open Source software, and especially the many Linux variants, is that it WILL run just fine on older equipment that might otherwise be discarded or surplused. An old desktop box will run a Linux firewall fine. You'll get better protection from exploits AND save the company some cash. . . ------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- About Operating Systems security yannick'san (May 28)
- RE: About Operating Systems security Burton M. Strauss III (May 29)
- A new concept for security management? Keenan Smith (May 30)
- <Possible follow-ups>
- Re: About Operating Systems security salgak (May 29)
- Re: About Operating Systems security yannick'san (May 29)
- Re: About Operating Systems security Chris Berry (May 29)
- Re: About Operating Systems security yannick'san (May 30)
- Re: About Operating Systems security Chris Berry (May 30)
- RE: About Operating Systems security Burton M. Strauss III (May 29)