Re: Shorewall for web server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Timothy Murphy wrote:
I still don't really see any great advantage
in running the web-server on a different machine to the firewall.
Can one not restrict the part of the computer accessible through the web-server in a reasonably secure way?

You can certainly take efforts to keep your web server patched up and secure (including web apps above and beyond the web server itself). This will go far in keeping your box secure and should keep out the "casual" attacker. It really comes down to the environment you are running in and what you are trying to protect.

But if someone manages to exploit your system via your web server or app you have installed and the attacker manages to get root, they own your system now. Including tweaking your firewall ruleset to give them further access to your network.

By keeping all unnecessary services off your firewall you reduce the number of places an attacker can try to exploit - hopefully keeping your firewall safer in the long run.

Again, it comes down to what you are trying to protect. I have on home setups placed the web server on the firewall and just made sure to keep everything up to date and be wary of what apps I run on the box based on their past security track record.

-J


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux