Home page logo

basics logo Security Basics mailing list archives

Re: About Operating Systems security
From: "yannick'san" <yannicksan () free fr>
Date: Wed, 28 May 2003 20:40:53 +0200

I'm completly agree with you... In fact, I forgot to mention that here, all
I do is in a model environment and once everything will be written, studied
and aproved, I will start thinking about plugging it on a the network and
this time I won't have all my eggs in the same bag.



Well, it's generally accepted practice that a firewall should be the only
application running on the firewall box: adding a webserver and database
opens up two additional areas for a hacker to exploit and gain root access.

Databases are exceptionally problematical: remote procedure calls are the
LAST thing you want on a firewall.

Keep your webserver and database server BEHIND the firewall.  If you can do
no other solution, get a hardware firewall unit and run your web and DB on a
separate box.

The nice thing about using Open Source software, and especially the many
Linux variants, is that it WILL run just fine on older equipment that might
otherwise be discarded or surplused.   An old desktop box will run a Linux
firewall fine.  You'll get better protection from exploits AND save the
company some cash. . .


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]