Date: Fri, 10 Aug 2001 10:46:37 +1000 (EST) From: =?iso-8859-1?q?Keith=20Spencer?= <bsd2000au@yahoo.com.au> To: Tabor Kelly <pdxmax@dsl-only.net> Cc: fbsd <freebsd-questions@freebsd.org> Subject: Re: Separate firewall or not? Message-ID: <20010810004637.15724.qmail@web12004.mail.yahoo.com> In-Reply-To: <11621029839.20010809174155@dsl-only.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Tabor, Thanks! If I don't remove the compiler can I restrict it? Can I stop shell accounts? Do I put DNS on the firewall or behind it? Thanks keith --- Tabor Kelly <pdxmax@dsl-only.net> wrote: > IMHO you should use a separate firewall. I wouldn't > take your compiler > off of it, it makes certain tasks very difficult > (like building a new > kernel). > > Personally, I leave one thing on my firewall: sshd. > > There are many reasons not to use a normal server as > a firewall, one > large one is that, you only need 2 accounts on a > firewall: root, and > one user account. On a webserver you frequently have > many, many > account, all of which can be used against you! > > Note: I am not a network security expert, though I > like to pretend > that I know a little bit about security. > > On Thursday, August 09, 2001, 4:57:28 PM, Keith > wrote: > > Hi all, > sorry to repeat but I am in the middle of an urgent > anti-hacking rebuild. > Should I build a separate preimeter firewall machine > with only that on it...restrict/remove compilers etc > (how do I do that?) and have the router/dns/web/wail > server inside the perimeter. > OR > should I simply put IPFW on the router/dns/web/mail > server? > Any ideas guys? > Tjhanks > Keith > > _____________________________________________________________________________ > http://shopping.yahoo.com.au - Father's Day Shopping > - Find the perfect gift for your Dad for Father's > Day > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of > the message > > _____________________________________________________________________________ http://shopping.yahoo.com.au - Father's Day Shopping - Find the perfect gift for your Dad for Father's Day To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010810004637.15724.qmail>