WebApp Sec mailing list archives
Re: What is more secure?
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sat, 5 Mar 2005 18:55:54 +0530
On 28/02/05 15:24 +0100, Harry de Grote wrote: <snip>
if a firewall only forwards ports, it is really hard to get hacked through that port... i would give all the ip;s to the openbsd firewall
Why? An unpatched IIS server is still an unpatched IIS server on port 80, whether the port is just being forwarded or the IP is just on the server. I see no benefits to either usage of a packet filter, which, IMHO, is a good way of noise reduction for your real firewall. If this is only a webserver, how about using Squid/Apache as a reverse proxy on the OpenBSD box? Devdas Bhagat
Current thread:
- What is more secure? Tomas (Feb 28)
- Re: What is more secure? blackhat (Feb 28)
- Re: What is more secure? Alvin Oga (Feb 28)
- RE: What is more secure? Tomas (Feb 28)
- Re: What is more secure? Harry de Grote (Mar 01)
- Re: What is more secure? Devdas Bhagat (Mar 06)
- Re: What is more secure? Chris Thorp (Mar 01)
- RE: What is more secure? Tomas (Feb 28)