Re: Shorewall for web server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-12-28 at 00:04 +0000, Timothy Murphy wrote:
> I still don't really see any great advantage
> in running the web-server on a different machine to the firewall.
> Can one not restrict the part of the computer 
> accessible through the web-server in a reasonably secure way?

It's just another step towards greater security.

A firewall will only allow the traffic that you want, and it can block
things in different ways (if you want) that a web server doesn't/mayn't
have features to do.  Not just blocking incoming connections to your
system, but blocking any exploits they make of your server back to the
outside world.

> Actually, everything available through the web-server is fully backed
> up, so it would not be any great loss if someone hacked this.
> On the other hand, I would be upset if someone hacked into
> the main part of the computer running the firewall.

If someone hacks into a firewall PC with no servers on it, they're a bit
lost.  They can't do much more than look at whats on it.

But if they break into a box with servers, then they've got more
opportunities to make a nuisance of themselves.  Both to you, and to
others through you.  In the latter case, it looks like it is you harming
others, and you might have to wear the responsibility of it.  Spam may
be the least of your problems, they might carry out illegal acts through
you.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux