Security question

Roger Grosswiler roger at gwch.net
Tue Apr 5 12:35:18 UTC 2005


> Hi!
>
> I want to hear your opinion on the following net configurations:
> 1. cablemodem -> router -> server in DMZ
> 				-> LAN users
> 2. cablemodem -> router/server -> LAN users
>
> Which one is more secure and what are the risks on each one?
>
> Regards,
> Sasa--
Sasa,

a) What kind of server are we talking of?

b) assuming it's a web- /mailserver, i would prefer version 1.
Is this a SOHO-installation with a small SOHO-Router? Be careful, as many of them indicate a DMZ in the meaning, that
they just forward all incoming ports to a local machine (except the request from your lan of course), but the server
often has just his own local protection, as they often exclude firewalling for DMZ-Computers

c) i would never use a web- or mailserver as additional router to surf. Advantage here: you would have the chance to
install squid on it.

Roger




More information about the fedora-list mailing list