[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Using a separate machine for firewalling.
- Subject: Re: [cobalt-security] Using a separate machine for firewalling.
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Mon, 23 Jul 2001 10:42:03 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
From: "Bill Irwin" <bill_irwin@xxxxxxxx>
> It would seem
> to me that having a separate machine setup for a firewall would be a
> very good protection from hackers getting into your system. If they were
> able to get in, chances are they wouldn't have a place to go.
Using a separate machine or device as a firewall is a good idea, but not
because a hacker would have no place to go if they got into it. Remember,
the firewall is the gateway between your system and the rest of the
internet. If a hacker managed to compromise your firewall, he has control of
everything. He can open or close whatever ports he wants, setup sniffers on
your internal network, etc.
A separate machine as a firewall is a good idea because you won't have many
services running and therefore the firewall could be hardened and more
difficult to attack. A general rule in security is that complexity breeds
security holes, and based on that thinking, having your firewall on a
separate, more simply configured machine is a good idea.
Kevin