Mikenell
10-31-2000, 03:44 PM
What is the advantage of setting up a seperate machine to act as a firewall over using a firewall on a normal computer in the network?
Thanks
Mikenell
Thanks
Mikenell
Click to See Complete Forum and Search --> : Advantages of Seperate Firewall Machine
BigBlockMopar
10-31-2000, 04:50 PM
Originally posted by Mikenell:
What is the advantage of setting up a seperate machine to act as a firewall over using a firewall on a normal computer in the network?
Easy.
If someone hacks into your firewall, all they get is the firewall.
If someone hacks into your firewall and your webserver is running on the same machine, they get both your firewall *and* your webserver.
Same goes with mail, news, file, etc. servers.
Ideally, the firewall/gateway should be one machine, the DNS another, the webserver another, mail on another... basically, to build a full-featured "pocket ISP" for your home or business, you're gonna need a pile of systems. Probably 486s and low-end Pentiums will handle each individual task with ease; expect to run 5 or 6 of them for good protection.
Security isn't about preventing everyone getting into your house, car or computer: you can't possibly do that. Security is about slowing the intruder down to the point that they don't bother with you.
If the guy get a shell on your firewall, he doesn't have access to your webserver yet. If, from there, he still wants your webserver, he next has to break into that, and it's another hurdle.
What is the advantage of setting up a seperate machine to act as a firewall over using a firewall on a normal computer in the network?
Easy.
If someone hacks into your firewall, all they get is the firewall.
If someone hacks into your firewall and your webserver is running on the same machine, they get both your firewall *and* your webserver.
Same goes with mail, news, file, etc. servers.
Ideally, the firewall/gateway should be one machine, the DNS another, the webserver another, mail on another... basically, to build a full-featured "pocket ISP" for your home or business, you're gonna need a pile of systems. Probably 486s and low-end Pentiums will handle each individual task with ease; expect to run 5 or 6 of them for good protection.
Security isn't about preventing everyone getting into your house, car or computer: you can't possibly do that. Security is about slowing the intruder down to the point that they don't bother with you.
If the guy get a shell on your firewall, he doesn't have access to your webserver yet. If, from there, he still wants your webserver, he next has to break into that, and it's another hurdle.
Mikenell
10-31-2000, 05:00 PM
Oh, ok thanks.
Mikenell
Mikenell
overlord6
11-01-2000, 08:17 AM
The cool thing is, there is a linux variant out there called, Freesco that will allow you to setup a simple firewall/proxy with a single floppy disk!!
Go check it out at http://www.freesco.org
Go check it out at http://www.freesco.org
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.