[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security question



On Tue, 2005-04-05 at 08:26, Sasa Stupar wrote:
> Hi!
> 
> I want to hear your opinion on the following net configurations:
> 1. cablemodem -> router -> server in DMZ
> 				-> LAN users
> 2. cablemodem -> router/server -> LAN users
> 
> Which one is more secure and what are the risks on each one?

Option one is the better setup.  The simpler you keep your
router/firewall the better.  Fewer services on it means fewer things
that may provide a path in for intruders.

Are you using a linux firewall/router or one of the cheap NAT routers?  
If a cheap NAT router the DMZ they talk about is just forwarding all
packets coming in to a specific address on your internal LAN.  It works
but is not optimal from a security view.

-- 
Scot L. Harris
webid cfl rr com

Take Care of the Molehills, and the Mountains Will Take Care of Themselves.
		-- Motto of the Federal Civil Service 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]