On Feb 17, 2005, at 2:30 AM, Craig Brooksby wrote:
>> I use a linux box as a router and file server for my home lan...
>
> Well, now that makes sense: I see the merits of running router,
> firewall etc. on your Linux box it you are already using it as a
> fileserver / printserver. That's probably the answer, right there.
> Not that there are any particular advantages to using it simply as a
> router, but once it is already serving these other functions, might as
> well have it do the whole shebang.
>
> Sorry if that was already obvious to everybody else! Thanks --
Well... actually, while combining a router and firewall and print/file
server into one box is extremely common, from a security point of view,
it's not that great of an idea. The problem with having an all in one
solution is that if one aspect of it gets compromised, then the entire
thing is compromised. That is, if the firewall is breached, then the
cracker doesn't need to do any more effort to get full access to all of
your files. Also, the more you have installed on one machine, the more
dependent everything gets on it. If you have router, firewall, file
server, http proxy, and mail server (say) all on one machine, then if
that machine goes down, the rest of your network might as well be made
up of dumb terminals.
Not that's not to say that you *can't* combine the services. Most
people do, in fact. I used to. It's extremely convenient and as long
as you keep up with all of the patches to iptables and the various
servers, it's unlikely you'll be cracked. But having a separate
dedicated firewall makes me sleep just a little bit better at night.
Kurt
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)