Port Forwarding vs. Running Servers on Firewall
CLIFFORD ILKAY
clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org
Thu Sep 4 18:55:32 UTC 2003
Hi,
Security-conscious system administrators seem to favour running as few
services on the firewall as possible and prefer to put things like http,
smb, smtp, pop, etc. on boxes in a DMZ or behind the firewall. I guess the
theory is the more services that are run on the firewall, the greater the
points of vulnerability, but, if one must allow access to http, smtp, and
pop from the outside world, one still has to open those ports on the
firewall and forward them to the appropriate machines on the inside
network. Setting aside the DMZ issue for the time being, what, if any,
advantage is there to running these services on machines behind the
firewall? Is it just that if the firewall is compromised, the bad guy still
has to crack the machine on the inside or is there something I am missing?
Regards,
Clifford Ilkay
Dinamis Corporation
3266 Yonge Street, Suite 1419
Toronto, Ontario
Canada M4N 3P6
Tel: 416-410-3326
mailto:clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml