Re: Firewall on server itself
From: chris (chris09_at_comcast.net)
Date: 06/25/03
- Previous message: Jason K. Boykin: "Re: Oh Dear, Where to start?!"
- Maybe in reply to: Anish Basu: "Firewall on server itself"
- Next in thread: Depp, Dennis M.: "RE: Firewall on server itself"
Date: 25 Jun 2003 19:22:49 -0000
To: security-basics@securityfocus.com
In-Reply-To: <Pine.SOL.4.10.10306250223530.25691-100000@remus.rutgers.edu>
Yes, this is a good idea. I don't know about how your hardware firewall is
set up but I assume it's port forwarding capable seeing as you have a web
server behind it. If you have additional ports opened up this may allow
someone to compromise a machine on the inside. From this machine the web
server can be compromised. It's a good idea to slap on even a light
firewall blocking unnecessary traffic to the web server. Just as a
precaution.
--chris
>Date: Wed, 25 Jun 2003 02:24:46 -0400 (EDT)
>From: Anish Basu <anishb@remus.rutgers.edu>
>To: security-basics@securityfocus.com
>Subject: Firewall on server itself
>Message-ID: <Pine.SOL.4.10.10306250223530.25691-100000@remus.rutgers.edu>
>
>I am trying to set up a secure web server which will already be protected
>by a dedicated hardware firewall. The hardware firewall will be configured
>to protect the web server as well as other computers on the network. The
>web server will be running Red Hat 9.0. Is there any reason to install
>and configure firewall software such as IPTables on the web server itself?
>Are there any advantages or disadvantages to having two firewalls set up
>this way?
>
>Thanx in advance for any help.
>
>
>*************************************************************
>Anish Basu (anishb@eden.rutgers.edu)
>Chair Events and Programming
>Co-Chair Internet Security
>USACS, Undergraduate Student Alliance of Computer Scientists
>http://usacs.rutgers.edu
>*************************************************************
>
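An added example, not part of either post: one way to build the "light firewall" discussed in this thread as an iptables-restore ruleset that also restricts machines on the inside network, plus a check that flags ACCEPT rules outside an allowed port list. The function names, the admin address 192.0.2.10, SSH on port 22 and the public ports 80/443 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Admin address, ports and function
# names are assumptions.
# gen_host_fw: emit an iptables-restore ruleset on stdout.
#   $1 = admin host allowed to reach SSH (IPv4, optional /prefix)
#   $2 = space-separated public TCP ports (default "80 443")
gen_host_fw() {
    admin=$1
    ports=${2:-"80 443"}
    printf '%s\n' "$admin" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || {
        echo "gen_host_fw: bad admin address: $admin" >&2
        return 1
    }
    echo '*filter'
    echo ':INPUT DROP [0:0]'     # default deny, inside-network peers included
    echo ':FORWARD DROP [0:0]'   # the web server is not a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        echo "-A INPUT -p tcp -m tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # SSH only from the admin host, not from every machine on the inside.
    echo "-A INPUT -s $admin -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT"
    echo '-A INPUT -m limit --limit 6/minute -j LOG --log-prefix "hostfw-drop: "'
    echo 'COMMIT'
}

# Audit: read iptables-save output on stdin and print every INPUT ACCEPT rule
# that opens something outside the allowed port list ($1). Silent when clean.
unexpected_accepts() {
    allowed=" $1 "
    grep -E '^-A INPUT .*-j ACCEPT' | while read -r line; do
        case "$line" in
            *"-i lo "*) continue ;;        # loopback
            *"--state "*NEW*) ;;           # accepts new connections: check port
            *"--state "*) continue ;;      # ESTABLISHED/RELATED only
        esac
        port=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9:]*\).*/\1/p')
        case "$allowed" in
            *" ${port:-none} "*) ;;
            *) printf '%s\n' "$line" ;;    # unlisted port, or no port limit
        esac
    done
}

# 192.0.2.10 is a constructed (documentation-range) admin address.
# To load as root: gen_host_fw 192.0.2.10 | iptables-restore
gen_host_fw 192.0.2.10
```

To audit a running host, pipe `iptables-save` into `unexpected_accepts "22 80 443"`; any line it prints is an inbound ACCEPT that the intended policy does not cover.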