[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security question



On Tue, 2005-04-05 at 14:26 +0200, Sasa Stupar wrote:
> I want to hear your opinion on the following net configurations:
> 1. cablemodem -> router -> server in DMZ
> 			-> LAN users
> 2. cablemodem -> router/server -> LAN users
> 
> Which one is more secure and what are the risks on each one?
> 

#1 is generally better. Why? In #2, your web server software could be
hacked, for example, and then your entire network is unprotected and
open to the intruder. In #1, if your web server is hacked, then that one
box is hacked and the rest of the network is protected by the
router/firewall. Firewalls should have as little as possible installed
on them.

Many/most cheap hardware firewalls do not have proper DMZ's, so a
properly-configured Linux box is your best solution. I use Fedora Core 3
boxes with Shorewall and three or more NIC's to do this, but there are
certainly other ways to peel that potato.

Cheers,

-- 
Rodolfo J. Paiz <rpaiz simpaticus com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]