[clue-tech] necessity of external hardware firewall
David L. Anselmi
anselmi at anselmi.us
Mon Jul 31 20:07:35 MDT 2006
Greg Knaddison wrote:
[...]
> I'm about to get a dedicated server to run typical website services:
> www, smtp, imap, mysql, etc. Is it worth getting an external
> firewall? What factors would impact your decision to have an external
> firewall for a server? Are there some features of hardware firewalls
> that make them worthwhile above the firewall already available?

For one box, skip the extra firewall. You may already have something
that provides some separation between you and the Internet, NAT, router
ACL, whatever. It doesn't hurt to use it for what it can do. But
you'll get about the same result by turning off all the services the
Internet shouldn't use with much less effort.

Certainly something fancier would do more stuff but it hardly sounds
like it's worth the effort, even if it's free.

Rather than have us guess what might be most appropriate for you, why
don't you propose to us how you would use a firewall? We can tell you
what is redundant or missing and you can decide whether you've made a
good design.

Give us a complete description of the networks involved, the servers,
the services they provide, who uses the services (what networks they are
on), and what resources (data, service, etc.) you want to protect.

I'd also suggest that, besides turning off services you don't want the
public using, you should get your backup/restore system working before
you worry about a firewall.

Dave
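
An added example, not part of the original message: one way to check the advice about turning off services the Internet shouldn't use is to list TCP listeners and flag any that are bound beyond loopback and not on an intended-public list. The `ss` output, the port policy and the script name `audit.py` are constructed assumptions.

```python
import ipaddress
import sys

# Constructed sample of `ss -H -tln` output (not from the original thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 64 [::]:111 [::]:*
LISTEN 0 128 *:8080 *:*
"""

# Assumed policy: ssh, smtp, www, imap are meant to be public; mysql is not.
PUBLIC_PORTS = {22, 25, 80, 143}


def split_addr(local):
    """Split ss's 'addr:port' into (host, port), handling [v6] and %iface."""
    host, _, port = local.rpartition(":")
    return host.strip("[]").split("%", 1)[0], int(port)


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' wildcard: treat as exposed


def unexpected_listeners(ss_output, public_ports=PUBLIC_PORTS):
    """Return sorted (port, host) pairs listening off-loopback and not in policy."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_addr(fields[3])
        if not is_loopback(host) and port not in public_ports:
            found.add((port, host))
    return sorted(found)


if __name__ == "__main__":
    # Pipe real output in (ss -H -tln | python3 audit.py) or run on the sample.
    data = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    for port, host in unexpected_listeners(data):
        print(f"review: {host}:{port} is reachable but not in PUBLIC_PORTS")
```

Each flagged listener is a candidate to stop, or to rebind to 127.0.0.1 as with a MySQL instance used only by the local web application.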