WebApp Sec mailing list archives

Re: What is more secure?

From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sat, 5 Mar 2005 18:55:54 +0530

On 28/02/05 15:24 +0100, Harry de Grote wrote:
<snip>

if a firewall only forwards ports, it is really hard to get hacked through 
that port... i would give all the ip;s to the openbsd firewall


Why? An unpatched IIS server is still an unpatched IIS server on port
80, whether the port is just being forwarded or the IP is just on the
server. I see no benefits to either usage of a packet filter, which,
IMHO, is a good way of noise reduction for your real firewall. 

If this is only a webserver, how about using Squid/Apache as a reverse
proxy on the OpenBSD box?

Devdas Bhagat

Current thread:

What is more secure? Tomas (Feb 28)
- Re: What is more secure? blackhat (Feb 28)
- Re: What is more secure? Alvin Oga (Feb 28)
  - RE: What is more secure? Tomas (Feb 28)
    - Re: What is more secure? Harry de Grote (Mar 01)
    - Re: What is more secure? Devdas Bhagat (Mar 06)
    - Re: What is more secure? Chris Thorp (Mar 01)