Port Forwarding vs. Running Servers on Firewall

CLIFFORD ILKAY clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org
Thu Sep 4 18:55:32 UTC 2003


Hi,

Security-conscious system administrators seem to favour running as few
services on the firewall as possible and prefer to put things like http, 
smb, smtp, pop, etc. on boxes in a DMZ or behind the firewall. I guess the 
theory is the more services that are run on the firewall, the greater the 
points of vulnerability, but, if one must allow access to http, smtp, and 
pop from the outside world, one still has to open those ports on the 
firewall and forward them to the appropriate machines on the inside 
network. Setting aside the DMZ issue for the time being, what, if any, 
advantage is there to running these services on machines behind the 
firewall? Is it just that if the firewall is compromised, the bad guy still 
has to crack the machine on the inside or is there something I am missing?

Regards,

Clifford Ilkay
Dinamis Corporation
3266 Yonge Street, Suite 1419
Toronto, Ontario
Canada M4N 3P6

Tel: 416-410-3326

mailto:clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org 

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




