Security question
Scot L. Harris
webid at cfl.rr.com
Tue Apr 5 15:05:08 UTC 2005
On Tue, 2005-04-05 at 08:26, Sasa Stupar wrote:
> Hi!
>
> I want to hear your opinion on the following net configurations:
> 1. cablemodem -> router -> server in DMZ
> -> LAN users
> 2. cablemodem -> router/server -> LAN users
>
> Which one is more secure and what are the risks on each one?
Option one is the better setup. The simpler you keep your
router/firewall the better. Fewer services on it means fewer things
that may provide a path in for intruders.
Are you using a linux firewall/router or one of the cheap NAT routers?
If a cheap NAT router the DMZ they talk about is just forwarding all
packets coming in to a specific address on your internal LAN. It works
but is not optimal from a security view.
--
Scot L. Harris
webid at cfl.rr.com
Take Care of the Molehills, and the Mountains Will Take Care of Themselves.
-- Motto of the Federal Civil Service
More information about the fedora-list
mailing list