Re: Running more than one service on one box
From: Dustin Puryear (dpuryear@usa.net)Date: 09/14/01
- Previous message: Devdas Bhagat: "Re: Hardware Firewall vs Software Firewall"
- In reply to: Michael Kjorling: "Running more than one service on one box"
- Next in thread: Peter Mueller: "RE: Running more than one service on one box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: Re: Running more than one service on one box From: Dustin Puryear <dpuryear@usa.net> To: Michael Kjorling <michael@kjorling.com> Date: 14 Sep 2001 16:41:25 -0500 Message-Id: <1000503685.27848.38.camel@crack.vedalabs.com>
It all depends on the size and type of company you work for, at least in
my experience. It can be pretty expensive to delegate each service to a
dedicated machine. However, when you do this your level of availability
tends to increase because a broken box will not take out multiple
services.
Personally, I have never worked for a large company (I always end up
with the small to medium sized ones), and budgets are always tight. Keep
a good dedicated firewall, make sure each service has a backup, tighten
your servers, and you may find yourself in good shape.
For example, in a small network it can be very sensible to allow a PDC
to handle file sharing services, while dedicating a separate box as an
Exchange server. Your BDC could then be the database server, and so
forth.
Basically, be realistic. Is the increased security worth the investment?
Regards, Dustin
On Thu, 2001-09-13 at 11:26, Michael Kjorling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Please apologize me if this has been asked before, but I haven't seen
> it lately at least.
>
> Right now several of my servers are serving more than one thing - one
> does web, mail (both SMTP and POP), and DNS. Another does the same and
> adds the usual risks with being a workstation as well.
>
> I have been lobbying to split this up on more machines, and using one
> per service. That is, let one machine handle the email (possibly
> forwarding it to internal systems), let one handle the web, two for
> DNS (master and slave) and so on. But we are talking about a pretty
> small company so I am having a problem of getting the hardware this
> would require. It took an actual break-in to one of the systems before
> I was allowed to buy a dedicated hardware firewall, and I would prefer
> not having to go through the same mess again.
>
> Could someone please give me some hints as to what the actual security
> implications would be of a setup like this? As it is, the company in
> question is rather dependant on their Internet connectivity (web site,
> email and so on), and I don't want to get into trouble if someone
> breaks in through a DNS implementation problem and then escalates
> their access and starts messing with the web site, for example.
>
> Any help is greatly appreciated!
>
>
> Michael Kjörling
>
> - --
> Michael Kjörling - michael@kjorling.com - PGP: 8A70E33E
> Manager Wolf.COM -- Programmer -- Network Administrator
> "We must be the change we wish to see" (Mahatma Gandhi)
>
> ^..^ Support the wolves in Norway -- go to ^..^
> \/ http://home.no.net/ulvelist/protest_int.htm \/
>
> ***** Please only send me emails which concern me *****
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For my PGP key: http://michael.kjorling.com/contact/pgp.html
>
> iD8DBQE7oN5TKqN7/Ypw4z4RAkUwAJ43lou3pPNOtuDYx4Rp2DP64Tj1KQCeI0Tn
> EDoYeS++weIT3TWxp3PnkWA=
> =4/7X
> -----END PGP SIGNATURE-----
>
>
>
-- Dustin Puryear <dpuryear@usa.net> http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
- Previous message: Devdas Bhagat: "Re: Hardware Firewall vs Software Firewall"
- In reply to: Michael Kjorling: "Running more than one service on one box"
- Next in thread: Peter Mueller: "RE: Running more than one service on one box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
