[Sussex] Smoothwall

Geoff Teale Geoff.Teale at claybrook.co.uk
Fri Mar 28 11:22:01 UTC 2003

Jon wrote:
> SmoothWall has a DNS proxy built in, not a fully fledged DNS 
> server. If
> you ask any of the SmoothWall team they'll tell you that you shouldn't
> be running any other services on the firewall itself and it 
> should be on
> a seperate box. IMO, a DNS server (providing it's not running 
> THAT many
> domains) is ok to be run on a firewall.

Of course any extra service is an extra vunerability, and you also suffer
from "all your eggs in one basket", you might loose your DNS and firewall at
the same time - in practice that may not be a problem (you might argue that
one without the other is as good as them both being down).  So effectively
you double your chance of security problems and could have twice as much to
redo in the event of a malicious attack.

As ever, it's a tradeoff and I am _not_ the best qualified person on the
list to advise you on the balance.

geoff.teale at claybrook.co.uk
tealeg at member.fsf.org

If God is perfect, why did He create discontinuous functions?

Version: 3.1
GCS d? s+:+ a- K? w---$ O M+ V- PS++ PE- Y+ PGP- t--- 5-- X R- tv- b+++ 
DI++++ D G+ e++ h--- r+++ z+++

The above information is confidential to the addressee and may be privileged.  Unauthorised access and use is prohibited.
Internet communications are not secure and therefore this Company does not accept legal responsibility for the contents of this message.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.
Claybrook Computing Limited is a subsidiary of Claybrook Computing (Holdings) Limited
Registered Office: Abbey House. 282 Farnborough Road, Farnborough, Hampshire GU14 7NJ
Registered in England and Wales No 1287205
A Hogg Robinson plc company

More information about the Sussex mailing list