Re: Firewall and email/file servers on same machine?

From: markp (map.nospam_at_f2s.com)
Date: 01/16/05


Date: Sun, 16 Jan 2005 17:13:04 -0000


"Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
news:csb1b2$tbp$1@news.shlink.de...
> markp wrote:
>
>> Is it better from a security point of view to have physically separate
>> machines for the firewall and servers,
>
> Yes.
>
>> or can these be in the same
>> physical machine without compromising security? I've heard that
>> physically
>> separating them is good practice, but is there a genuine security reason
>> or is this just a maintenance issue?
>
> Yes, there is a genuine security reason and that reads: 'Run as few
> (public)
> services as possible on a security device!' For any service offered by the
> box sooner or later an exploit might be found. What is not there cannot be
> exploited. Best is to run _no_ services on a firewall at all.
>
> On the contrary more machines means more neccessary effort for
> administration (installing patches, hardware maintainance etc.).
>
> Wolfgang

Thanks! I think that I'll set up a firewall only machine, and put other
stuff on another machine locally.

Mark.



Relevant Pages

  • Re: Firewall and email/file servers on same machine?
    ... >> Is it better from a security point of view to have physically separate ... >> machines for the firewall and servers, or can these be in the same ... rather than allow it on the firewall. ...
    (comp.os.linux.networking)
  • Re: Firewall and email/file servers on same machine?
    ... "Wolfgang Kueter" wrote in message ... >> Is it better from a security point of view to have physically separate ... >> separating them is good practice, but is there a genuine security reason ...
    (comp.os.linux.networking)
  • Re: Firewall and email/file servers on same machine?
    ... "Wolfgang Kueter" wrote in message ... >> Is it better from a security point of view to have physically separate ... >> separating them is good practice, but is there a genuine security reason ...
    (comp.security.firewalls)
  • Re: Personal Firewalls
    ... Wolfgang Kueter confessed in news:ct62uv$k8q$1 ... >> I now need some material on firewalls and if they are the right security ... >> software for home users with a single computer connected to the internet ...
    (comp.security.firewalls)