[Cialug] DMZ, router's firewall and web server's security...
Dave Weis
djweis at sjdjweis.com
Mon Nov 28 15:52:18 CST 2005
On Mon, 28 Nov 2005, afan at afan.net wrote:
> I just had a talk about my home network and my web server at home and
> people I talked to confused me about couple things.
> First, one said that setting up web server at home and NOT USING DMZ is
> making a hole in my network and security system. He said that I HAVE to
> use DMZ.
DMZ is worse in terms of security if you don't really need it. Using port
forwarding only sends single ports through. DMZ sends everything that the
modem doesn't know what to do otherwise with through.
> Second, other guy was almost laughing at me when I told him that ONLY
> firewalls I use in home network are modem's and router's firewalls (I
> have Web server on SuSE 9.2 and I have two Windows and one Mac computer
> in network). He said that these are something like low-level, low-secure
> firewalls and that I have to have something good!.
Host-based firewalls aren't generally as secure because they are running
on a general purpose machine that can be compromised. There are some
viruses/spyware that will automatically click the allow internet access
button for norton and zonealarm. I go by the principal that if it doesn't
even get to your machine you are better off.
--
Dave Weis "I believe there are more instances of the abridgment
djweis at sjdjweis.com of the freedom of the people by gradual and silent
encroachments of those in power than by violent
and sudden usurpations."- James Madison
More information about the Cialug
mailing list