Re: other services on a firewall

To: Ken Stanley <buddha@ih8dos.com>
Cc: debian-firewall@lists.debian.org, recipient list not shown: ;
Subject: Re: other services on a firewall
From: Charles <charlesiii@theverge.com>
Date: Tue, 4 May 1999 18:23:52 -0300 (ADT)
Message-id: <[🔎] Pine.LNX.4.10.9905041818200.11185-100000@theverge.com>
In-reply-to: <[🔎] 372F6371.42A55FF7@ih8dos.com>

The firewall on an isp should be used to block certian out
going traffic. Ie if a web server is for only recieveing and
never sends out it should not beallowed to send out.
If the firewall was right on the web server and the
web server was rooted. It could take the firewall down
and get full access to the network.

The firewall is used to stop traffic
and log traffic. 

If it runs lots of extra services it will has that much more of 
a chance to be rooted and disabled. If it is rooted
logs can be deleted or edited if they are stored on
that machine and they should not be.

Sorry for my bad explaintion my english is not the best.

Charles Verge

The Verge Internet Services
http://www.theverge.com  
The place for your site !

On Tue, 4 May 1999, Ken Stanley wrote:

> Just out of curiousity why would you limit a perfectly fine PC
> to just run a firewall? You should be able to add other services
> along with the firewalled machine and not freak out over security
> as bad as long as you set everything up properly.
> 
> Isn't there an old saying, "The program is only as good as the
> programmer?" Couldn't that be applied in this case too?
> 
> Personally I run a small local network that has access to the
> Internet via one of my Linux machines. This machine also
> has a web server, file server, and a FTP server on it too.
> 
> I don't have to worry about security with any of these services
> running on the firewall machine because I set each up the way
> I needed them to be so that only the correct people get access.
> Granted this takes longer then just unpacking and installing the
> source of each, but it is well worth it and helps consolidate
> the expense of one machine per service.
> 
> Personally I think that putting all your faith about these other
> services in one simple firewall is crazy, but that is only me.
> 
> Just a humbled opinion...
> 
> Ken
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>

Reply to:

References:
- Re: other services on a firewall
  - From: Ken Stanley <buddha@ih8dos.com>

Prev by Date: Re: other services on a firewall
Next by Date: Re: other services on a firewall
Previous by thread: Re: other services on a firewall
Next by thread: Re: other services on a firewall
Index(es):
- Date
- Thread