Re: Security question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2005-04-05 at 14:26 +0200, Sasa Stupar wrote:
> I want to hear your opinion on the following net configurations:
> 1. cablemodem -> router -> server in DMZ
> 			-> LAN users
> 2. cablemodem -> router/server -> LAN users
> 
> Which one is more secure and what are the risks on each one?
> 

#1 is generally better. Why? In #2, your web server software could be
hacked, for example, and then your entire network is unprotected and
open to the intruder. In #1, if your web server is hacked, then that one
box is hacked and the rest of the network is protected by the
router/firewall. Firewalls should have as little as possible installed
on them.

Many/most cheap hardware firewalls do not have proper DMZ's, so a
properly-configured Linux box is your best solution. I use Fedora Core 3
boxes with Shorewall and three or more NIC's to do this, but there are
certainly other ways to peel that potato.

Cheers,

-- 
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux