
Security Basics mailing list archives

Re: Question about firewalls.
From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 22 May 2003 11:23:53 -0700

From: "Allan Schon" <allanschon () mckinleymachinery com>
I have a quick question about basic network/firewall setup.

I am about to move into a new apartment, and am taking the opportunity to rethink the way I have my private network set up. I currently have a box running Slackware Linux v9.0 running iptables as the main firewall/gateway to my broadband connection. I also have web, mail, ssh, and a couple other servers running on that machine. My desktop computer runs WinXP, and my roommates each run Win98. I have a few extra boxes sitting in a closet collecting dust, and I was thinking about bringing them online.

Would I gain any security by dedicating one machine to firewall/NAT functionality and forwarding ports on to another host? The only advantage I can think of is that a root exploit on any of the services I allow through the firewall would essentially give the attacker free rein over my entire network, instead of just the single machine. The primary disadvantage is the one which my wallet will experience, as keeping another machine running 24/7 will increase the electricity bill somewhat. Do you think that the real gain in security (if any) is worth the added cost?

Given your environment (home use) I believe this would actually tend to lower your security level by making it less likely that you'd keep everything tightened down and updated. With the number of users you have it's quite reasonable to keep all the "server stuff" on one box. In theory, separation of services would limit vulnerability, but since a little downtime isn't a CRISIS, I think it would be a waste of effort.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"All I want is a few minutes alone with the source code for the universe and a quick recompile."
