Re: dns on firewall
From: Heinz Ekker (hekker-usenet@hoppa.la) Date: 02/28/02
From: Heinz Ekker <hekker-usenet@hoppa.la> Date: 28 Feb 2002 00:01:47 GMT
Bruno Wolff III <bruno@cerberus.csd.uwm.edu> wrote:
> The reason for worrying about the firewall itself being compromised, is
> that it becomes easier to use your network for outbound attacks, since
> your filtering rules can be compromised.
Not only that, but because all your in- and outbound traffic will run
via the firewall, the hacker can cause more grief by sniffing or
manipulating that traffic.
If you take precautions, like restrictions on communication between the
DMZ servers or using different root passwords on your systems it should
be a lot easier to recover from an attack on one of your servers.
> Ideally each service should have its own machine(s), but the cost of
> doing this might be higher than that of taking the risk of running
> multiple services on the same box.
That's recommendable not only for security reasons, but also for
optimized performance. A J2EE application server and BIND competing for
RAM is no fun at all. Increased performance consumption of one service
doesn't affect others, etc. etc.
Running exposed services, like web or DNS, on the same box as the - say -
customer database is suicide.
he