[Sussex] Smoothwall
Jon Fautley
jon at geekpeople.net
Fri Mar 28 11:30:00 UTC 2003
On Fri, 2003-03-28 at 11:23, Geoff Teale wrote:
> Jon wrote:
> ----------
> > SmoothWall has a DNS proxy built in, not a fully fledged DNS
> > server. If
> > you ask any of the SmoothWall team they'll tell you that you shouldn't
> > be running any other services on the firewall itself and it
> > should be on
> > a seperate box. IMO, a DNS server (providing it's not running
> > THAT many
> > domains) is ok to be run on a firewall.
>
> Of course any extra service is an extra vunerability, and you also suffer
> from "all your eggs in one basket", you might loose your DNS and firewall at
> the same time - in practice that may not be a problem (you might argue that
> one without the other is as good as them both being down). So effectively
> you double your chance of security problems and could have twice as much to
> redo in the event of a malicious attack.
This is true, personally I wouldn't run anything else on the firewall,
but I was trying to avoid a flamewar, lol. IME, it's personal preference
that decides if people will run extra services on the firewall. I don't
tend to argue as I've found it's like working for actus, long, drawnout,
pointless and in the end you find out they just don't give a fsck
anyway. :)
<In case you hadn't noticed - i've not been paid today, Actus have
stopped my payments as apparantly i flattened a PC before I returned it
to them>
Jon
More information about the Sussex
mailing list