Re: DSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Scot L. Harris wrote:

Grouping the types of services you mentioned on one box makes sense. Having your main email server, DNS, file shares etc on the same box as
your firewall is IMHO asking for trouble.



We do run a hardened postfix mail relay on the firewall, as well as dns, dhcp and squid (but I'd agree that file shares would be better placed elsewhere) So, if that be asking for trouble, trouble seems to be hard of hearing.


And trying to run video and
audio editing packages as well as your personal email client and X on
the same box as the firewall is what I consider a problem waiting to
happen.  The edges of your network need to be hardened as much as
possible.  Keeping user applications behind the firewall is what should
be done.  Putting security applications on the firewall is what it is
for.


In bigger shops with lots of rack space and lots of traffic that makes sense - but in a small shop it makes perfect sense to consolidate more.



If I had not had a DBA wipe out a file system while doing an oracle upgrade which in turn knocked out email services for the entire department as well as web services and Lotus notes on that box I would probably be happy to put all kinds of stuff on a box. But including those kinds of applications on a firewall is in my book a major no no.

Agreed, something like lotus notes IMHO should not be on a firewall - it should be tucked safely inside, and protected from the big bad internet by a sendmail or postfix relay.

Joe


-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list

[Index of Archives]     [Fedora Users]     [Centos Users]     [Kernel Development]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat Phoebe Beta]     [Yosemite Forum]     [Fedora Discussion]     [Gimp]     [Stuff]     [Yosemite News]

  Powered by Linux