Home page logo
/

basics logo Security Basics mailing list archives

Re: Reasons for using an external firewall
From: Paul Cardon <paul () moquijo com>
Date: Wed, 20 Nov 2002 09:59:30 -0500

John P wrote:
However in this setup, how much extra protection can an external firewall
give? The machines have to have open ports portforwarded through any
firewall (80/25/etc) and I assume would remain exploitable to buffer
overflows, bug exploits etc. I could restrict access to the other open
system ports and services by turning them off, using ipchains/ipfilter and
hosts.deny etc. DoS situations would be difficult to protect against even
with an external firewall.

What extra security will an external firewall actually provide? I suppose
other nice features like VPN, etc, but what else? It's quite a busy site, so
could ipfilter generate quite a lot of load, which could be shifted onto a
dedicated firewall?

One benefit of an external firewall is to restrict outbound traffic. Some exploits attempt to make outbound connections so having the control on a separate device will prevent these portions of the attack from working. If this control is implemented on the server itself it could be circumvented when the server is compromised.

-paul


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]