Re: Firewall and email/file servers on same machine?
From: markp (map.nospam_at_f2s.com)
Date: Sun, 16 Jan 2005 17:13:04 -0000
"Wolfgang Kueter" <email@example.com> wrote in message
> markp wrote:
>> Is it better from a security point of view to have physically separate
>> machines for the firewall and servers,
>> or can these be in the same
>> physical machine without compromising security? I've heard that
>> separating them is good practice, but is there a genuine security reason
>> or is this just a maintenance issue?
> Yes, there is a genuine security reason and that reads: 'Run as few
> services as possible on a security device!' For any service offered by the
> box sooner or later an exploit might be found. What is not there cannot be
> exploited. Best is to run _no_ services on a firewall at all.
> On the contrary more machines means more neccessary effort for
> administration (installing patches, hardware maintainance etc.).
Thanks! I think that I'll set up a firewall only machine, and put other
stuff on another machine locally.