tarballed
August 19th, 2003, 13:52
I was reading through some of my new books last night regarding security. After reading a few things about Bastion hosts, DMZs and packet filters, I read a part where it suggested setting up a packet filter on your hosts in the DMZ... I figured, this could be a very good thing...
Here is my reasoning as to why I think this would be a great idea.
If I just stick up a hardened server in the DMZ without a packet filter of some sort, I am solely relying on the router and firewall to do all of the blocking. We all know that some firewalls are not perfect and let things slip through. I figured, why not set up PF on my Mail gateway, which is running OpenBSD 3.3. It would add an extra layer of security as well as let me play with a PF firewall at work.
Also, I can set up the BSD box to only allow certain services coming in from the firewall, while allowing SSH connections coming from my intranet.
Just thought I'd bounce this off everyone here to see what they thought and get some opinions.
Any thoughts? :)
Tarballed
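A minimal host-level pf.conf for the setup described in the post, as an added example that is not part of the original post: default-deny in both directions, SMTP accepted on the DMZ interface, SSH accepted only from the intranet. The interface name, the intranet range and the outbound needs (mail delivery and DNS) are assumptions, and the rules use the explicit `flags S/SA keep state` form that PF of the OpenBSD 3.x era requires.

```pf
# Added example, not from the original post. All values below are assumptions.
ext_if   = "fxp0"             # hypothetical DMZ-facing interface on the mail gateway
intranet = "192.168.10.0/24"  # hypothetical internal network allowed to SSH in

# Normalize inbound packets before they reach the filter rules
scrub in all

# Default deny: anything not explicitly passed below is dropped and logged,
# so whatever slips past the perimeter firewall still hits a closed host
block in  log all
block out log all

# Loopback traffic never leaves the host
pass quick on lo0 all

# Mail service: SMTP arriving through the perimeter firewall
pass in on $ext_if proto tcp from any to any port 25 flags S/SA keep state

# Administration: SSH only from the intranet range
pass in on $ext_if proto tcp from $intranet to any port 22 flags S/SA keep state

# Outbound (assumed needs of a mail gateway): mail delivery and DNS lookups
pass out on $ext_if proto tcp from any to any port 25 flags S/SA keep state
pass out on $ext_if proto { tcp, udp } from any to any port 53 keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset can lock out the SSH session used to edit it.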