Grouping the types of services you mentioned on one box makes sense. Having your main email server, DNS, file shares, etc. on the same box as your firewall is IMHO asking for trouble.
We do run a hardened Postfix mail relay on the firewall, as well as DNS, DHCP and Squid (but I'd agree that file shares would be better placed elsewhere). So, if that be asking for trouble, trouble seems to be hard of hearing.
And trying to run video and audio editing packages as well as your personal email client and X on the same box as the firewall is what I consider a problem waiting to happen. The edges of your network need to be hardened as much as possible. Keeping user applications behind the firewall is what should be done. Putting security applications on the firewall is what it is for.
In bigger shops with lots of rack space and lots of traffic that makes sense - but in a small shop it makes perfect sense to consolidate more.
Agreed, something like Lotus Notes IMHO should not be on a firewall - it should be tucked safely inside, and protected from the big bad internet by a sendmail or Postfix relay.
If I had not had a DBA wipe out a file system while doing an Oracle upgrade, which in turn knocked out email services for the entire department as well as web services and Lotus Notes on that box, I would probably be happy to put all kinds of stuff on a box. But including those kinds of applications on a firewall is in my book a major no-no.
Joe
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list