On Tue, 2005-04-05 at 08:26, Sasa Stupar wrote: > Hi! > > I want to hear your opinion on the following net configurations: > 1. cablemodem -> router -> server in DMZ > -> LAN users > 2. cablemodem -> router/server -> LAN users > > Which one is more secure and what are the risks on each one? Option one is the better setup. The simpler you keep your router/firewall the better. Fewer services on it means fewer things that may provide a path in for intruders. Are you using a linux firewall/router or one of the cheap NAT routers? If a cheap NAT router the DMZ they talk about is just forwarding all packets coming in to a specific address on your internal LAN. It works but is not optimal from a security view. -- Scot L. Harris webid@xxxxxxxxxx Take Care of the Molehills, and the Mountains Will Take Care of Themselves. -- Motto of the Federal Civil Service
