
Re: secure topologies - smtp/dns/whois/....



On Sat Mar 22, 12:01pm -0600, Hanasaki JiJi wrote:
> firewall runs
> 	whois server - gwhois or jwhois?

No comment, I don't run any WHOIS servers.

> 	iptables - firewall

iptables is fine, if you set it up properly.

> 	bind9 - for external dns
> 		<no connection between these two servers>

Also fine, if you set it up properly and keep an eye on bugtraq and
related for security issues.

> 	NAT from internal SQUID server to internet

I shall assume this is firewalled.

> 	ntp - time server for internal
> 		<safe to run this on the firewall?>

No comment, I do run a bunch of ntp servers, but they're all internal
and firewalled (so I haven't done any audits or anything).

> host(s) inside the firewall
> 	smtp server - exim4

Fine, if you set it up properly and track security issues (has a decent
history).

> 	dhcp3-server for internal

See above.

> 	bind9 - for internal dns

See above.

> 	squid - http proxy

See above.

> 	webserver - apache for internal and external
> 		domain.com
> 		internal.domain.com
> 		<both on same server>

Fine, if you set it up properly and track security issues.

For those daemons which aren't known to be riddled with holes and
issues, you'll only be okay if you set them up properly and monitor for
security issues - you can't ever get out of that.


