Re: Firewall and email/file servers on same machine?
From: James Knott (james.knott_at_rogers.com)
Date: Sat, 15 Jan 2005 08:12:28 -0500
> Is it better from a security point of view to have physically separate
> machines for the firewall and servers, or can these be in the same
> physical machine without compromising security? I've heard that physically
> separating them is good practice, but is there a genuine security reason
> or is this just a maintenance issue?
Firewalls should not be running anything not related to the firewall
funtion. The more you install or run, the greater the possibility of a
security risk. Ideally, you'd even forward vpn and ssh access to another
box, rather than allow it on the firewall.