Firewall Wizards mailing list archives
RE: secure host or firewall
From: "Biggerstaff, Craig T" <Craig.T.Biggerstaff () USAHQ UnitedSpaceAlliance com>
Date: Fri, 11 Dec 1998 15:01:09 -0600
If you secure the web and mail host, you're limiting the avenues of attack *to that host only* to attacks against the OS kernel and the daemons that are listening on the desired ports. But you're not doing anything to secure any other host on your network.

If you use a firewall with your web and mail host behind it, then you have the same avenues of attack to that host, and you have some temporary additional protection for the internal network. But, if an attacker compromises the one host, the attacker then has full access to the rest of your internal network.

The best way is to use a firewall with your web and mail host outside it, so that if it is compromised, the firewall still protects your internal network. This can be done with a leftover Pentium and freely available tools for very little material cost, so lack of funding is not much justification for leaving your internal network bare to the Internet.

--
Craig Biggerstaff
craig () blkbox com
----------
From: Neil Ratzlaff[SMTP:Neil.Ratzlaff () ucop edu]
Sent: Thursday, December 10, 1998 4:37 PM
To: firewall-wizards () nfr net
Subject: secure host or firewall

We have a machine that is used as a public web server, mail server, and a few more things. Am I better off securing the host by only listening to the desired ports, or using a firewall to allow only those ports through to the host? I know the obvious answer is both, but what are the pros and cons of one versus the other if I can do only one?

Thanks for any advice
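
The three layouts compared in the reply above, as a small exposure model added here for illustration (it is not part of the original thread). Host names, port numbers and the listening sets are constructed assumptions, including that the public host is also hardened when it sits outside the firewall.

```python
# Added illustration; hosts and port numbers are constructed, not from the thread.
PUBLIC = {25, 80}                    # assumed desired ports: SMTP and HTTP
UNHARDENED = {21, 23, 25, 80, 111}   # assumed daemons on a host left as installed
INTERNAL_SVCS = {23, 111, 139}       # assumed services on an internal workstation

LAYOUTS = {
    # side:   which side of the firewall each node sits on (same side = unfiltered)
    # listen: ports each host has daemons bound to
    # allow:  ports the firewall passes to a host on its far side (default deny)
    "host_hardened_no_firewall": {
        "side": {"internet": "out", "pubhost": "out", "internal": "out"},
        "listen": {"pubhost": PUBLIC, "internal": INTERNAL_SVCS},
        "allow": {},
    },
    "firewall_host_behind": {
        "side": {"internet": "out", "pubhost": "in", "internal": "in"},
        "listen": {"pubhost": UNHARDENED, "internal": INTERNAL_SVCS},
        "allow": {"pubhost": PUBLIC},
    },
    "firewall_host_outside": {
        "side": {"internet": "out", "pubhost": "out", "internal": "in"},
        "listen": {"pubhost": PUBLIC, "internal": INTERNAL_SVCS},  # assumes hardened host
        "allow": {},
    },
}

def exposure(layout, src, dst):
    """Ports on dst that a party positioned at src can connect to."""
    ports = set(layout["listen"][dst])
    if layout["side"][src] != layout["side"][dst]:   # path crosses the firewall
        ports &= layout["allow"].get(dst, set())     # anything not allowed is dropped
    return ports

def attack_surface(name, footholds):
    """Reachable ports per remaining host, given every position the attacker holds."""
    layout = LAYOUTS[name]
    return {dst: sorted(set().union(*(exposure(layout, s, dst) for s in footholds)))
            for dst in layout["listen"] if dst not in footholds}

if __name__ == "__main__":
    for name in LAYOUTS:
        before = attack_surface(name, ["internet"])
        after = attack_surface(name, ["internet", "pubhost"])
        print(f"{name}:\n  from the Internet: {before}\n  after the public host falls: {after}")
```

The second call per layout adds the public host as an attacker position, which is where the "behind" and "outside" placements diverge.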