Re: About Operating Systems security

From: yannick'san (yannicksan_at_free.fr)
Date: 05/28/03

  • Next message: Shaun Moore: "Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail" 
    To: <salgak@speakeasy.net>, <security-basics@securityfocus.com>
Date: Wed, 28 May 2003 20:40:53 +0200

    I'm completly agree with you... In fact, I forgot to mention that here, all
    I do is in a model environment and once everything will be written, studied
    and aproved, I will start thinking about plugging it on a the network and
    this time I won't have all my eggs in the same bag.

    Thanks,

    -Yannick

    -------------------------------------------------
    Well, it's generally accepted practice that a firewall should be the only
    application running on the firewall box: adding a webserver and database
    opens up two additional areas for a hacker to exploit and gain root access.

    Databases are exceptionally problematical: remote procedure calls are the
    LAST thing you want on a firewall.

    Keep your webserver and database server BEHIND the firewall. If you can do
    no other solution, get a hardware firewall unit and run your web and DB on a
    separate box.

    The nice thing about using Open Source software, and especially the many
    Linux variants, is that it WILL run just fine on older equipment that might
    otherwise be discarded or surplused. An old desktop box will run a Linux
    firewall fine. You'll get better protection from exploits AND save the
    company some cash. . .
    -------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Shaun Moore: "Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail"

    Relevant Pages

    • RE: Databases
      ... have the private key to setup the tunnel through the firewall. ... Why use IPSec between web box and database? ... at are a server running either MySQL/APACHE/PHP or SQL Server 2000 ...
      (Security-Basics)
    • Re: ISA Firewall error (Service not starts)
      ... ISA server isn't on the same domain as my DC, and is in use as a perimeter ... This may be due to the firewall, i have one domain controller and one ... This can be due to a timeout connecting to the MSDE database. ... "The Microsoft Firewall was unable to connect to MSDE database. ...
      (microsoft.public.isa)
    • Re: Firewall Shutdown - Please help
      ... The default ISA configuration shuts down ISA if logging fails. ... Unfortunately, while I was on travel the last two weeks, the firewall ... Source: Microsoft Firewall Event ID: 21192 ... The Microsoft Firewall was unable to connect to MSDE database. ...
      (microsoft.public.windows.server.sbs)
    • Re: Firewall Shutdown - Please help
      ... The default ISA configuration shuts down ISA if logging fails. ... Unfortunately, while I was on travel the last two weeks, the firewall ... Source: Microsoft Firewall Event ID: 21192 ... The Microsoft Firewall was unable to connect to MSDE database. ...
      (microsoft.public.windows.server.sbs)
    • Re: vsftpd & encrypted passwords
      ... compare it against some database query. ... > administrative machine inside the firewall. ... > So is Kerberos still the way to go? ...
      (comp.os.linux.misc)