[Cialug] DMZ, router's firewall and web server's security...

Jerry Heiselman jweida at gmail.com
Mon Nov 28 11:09:58 CST 2005


On the first point, some servers do require that they be in the DMZ.  DNS is
one of those that works without being in the DMZ, but certain errors can
crop up if it is set up that way.  I have run many webservers with only port
forwarding (not DMZ) and they have worked just fine.  I believe that HTTP
works well enough that there is no need to put your webserver in the DMZ if
you do not want to.  If I'm wrong on this point, would somebody please point
out why this is not recommended as I have heard it too, but never heard a
justification for it.

On the second point, router firewalls are decent.  They block unrequested
inbound traffic and will generally stop anything that comes to your door
knocking.  The advantage of having a software firewall or enhanced firewall
such as a Cisco PIX is that you can not only block inbound traffic, but you
can also block outbound traffic.  This can help in determining if someone or
something has compromised your system and is trying to "dial home" for any
purpose.  I have used a software firewall in the past to do this type of
security, but for most home users, I find that it is overkill and can lead
to more support calls than anything.

jerry

On 11/28/05, afan at afan.net <afan at afan.net> wrote:
>
> Hi,
> I just had a talk about my home network and my web server at home and
> people I talked to confused me about a couple of things.
> First, one said that setting up web server at home and NOT USING DMZ is
> making a hole in my network  and security system. He said that I HAVE to use
> DMZ.
> On my modem's setting page though I found that I have to turn DMZ on just
> in case I make server for special needs, like gaming server or video
> conferencing.
> Do I really NEED DMZ turned "On"? My opinion is that I don't need it for
> web server at home.
>
> Second, other guy was almost laughing at me when I told him that ONLY
> firewalls I use in home network are modem's and router's firewalls (I have
> Web server on SuSE 9.2 and I have two Windows and one Mac computer in
> network). He said that these are something like low-level, low-secure
> firewalls and that I have to have something good!
> When I started using hi speed Internet access (first cable then DSL), and
> I talked to people about firewalls, all of them told me the same: my
> computers behind modem's and router's firewalls are REALLY safe. I had some
> period of time Zone Alarm, but after one guy compared it as "Having 2 spare
> wheels on car - it's better than one, but chances to need them both are so
> small and not worth to carry 2nd one" - I took it off.
> What do you think?
>
> -afan
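
Jerry's second point, that watching outbound traffic can reveal a compromised machine trying to "dial home", sketched as an added example (not part of the original thread): it scans netfilter LOG lines from the web server for outbound connections the server itself initiates to services outside an allow-list. The server address, log prefix, allowed services and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions (not from the thread): the server's LAN address, the prefix set
# with iptables --log-prefix, and the outbound services the server really needs.
SERVER_IP = "192.168.1.10"
LOG_PREFIX = "EGRESS: "
ALLOWED_OUT = {("UDP", 53), ("TCP", 53), ("UDP", 123), ("TCP", 80), ("TCP", 443)}

# Constructed sample lines in netfilter LOG format (documentation-range addresses).
SAMPLE_LOG = """\
Nov 28 11:02:11 web kernel: EGRESS: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 TTL=64 PROTO=UDP SPT=33211 DPT=53 LEN=40
Nov 28 11:02:12 web kernel: EGRESS: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.20 TTL=64 PROTO=TCP SPT=80 DPT=51344 WINDOW=5792 ACK SYN URGP=0
Nov 28 11:02:13 web kernel: EGRESS: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 TTL=64 PROTO=TCP SPT=40122 DPT=6667 WINDOW=5840 SYN URGP=0
Nov 28 11:07:13 web kernel: EGRESS: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 TTL=64 PROTO=TCP SPT=40130 DPT=6667 WINDOW=5840 SYN URGP=0
Nov 28 11:09:40 web kernel: EGRESS: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.77 TTL=64 PROTO=TCP SPT=40140 DPT=25 WINDOW=5840 SYN URGP=0
Nov 28 11:09:41 web kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Split one LOG line into KEY=value fields and bare flags (SYN, ACK, ...)."""
    if LOG_PREFIX not in line:
        return None  # not one of our firewall log lines
    body = line.split(LOG_PREFIX, 1)[1]
    flags = {tok for tok in body.split() if "=" not in tok}
    return dict(FIELD.findall(body)), flags

def suspicious_egress(log_text):
    """Count server-initiated outbound flows to services outside ALLOWED_OUT."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        fields, flags = parsed
        if fields.get("SRC") != SERVER_IP or not fields.get("OUT"):
            continue  # only packets leaving the web server
        proto = fields.get("PROTO")
        # Replies to web clients carry ACK; a bare SYN is a connection the server opens.
        if proto == "TCP" and not ("SYN" in flags and "ACK" not in flags):
            continue
        if not fields.get("DPT", "").isdigit():
            continue  # e.g. ICMP has no destination port
        if (proto, int(fields["DPT"])) not in ALLOWED_OUT:
            hits[(fields["DST"], proto, int(fields["DPT"]))] += 1
    return hits

if __name__ == "__main__":
    for (dst, proto, port), n in suspicious_egress(SAMPLE_LOG).most_common():
        print(f"{n}x outbound {proto} to {dst}:{port}")
```

Traffic to an allowed port such as TCP 443 passes this check unnoticed, so an allow-list by port narrows what has to be reviewed rather than proving the server is clean.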