On 2002.10.21 20:11 Jacob Rhoden wrote:
On Tue, 22 Oct 2002 03:43, James wrote:
> I'm just wondering if most web servers don't run a firewall? We've
> set up a FreeBSD web server without ipfw running, and I don't really see
> any reason to run ipfw since the only services I have running are httpd
> and sshd. We have also attempted to secure the machine in the other
> typical ways.

As others have said, you don't really need to, but it is a good idea, and does add an extra layer of protection. One example of this would be if your web server is compromised, and the user gets access as 'httpd' but not as root. Having a firewall will prevent them from malicious activity, such as using your machine to launch a DoS attack against another machine, and prevent them from running a daemon that allows them to connect to your machine on another port. So you don't need a firewall, but it does make your machine a lot more safe if you do.

The other option is that you can set the kernel secure level so that users cannot modify the kernel or the firewall rules to get around your security, without having local access to the machine.

I appreciate all the input! I think I will be putting up ipfw after all! I see now that the benefits far outweigh the small amount of time it takes to set up ipfw. I imagine there wouldn't be any noticeable effects to performance either.
James
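
The containment described in the quoted reply, written out as an ipfw ruleset for a host that serves only httpd and sshd. This is an added example, not part of the original thread; the `www` account name, the resolver address 192.0.2.53 and the rule numbers are assumptions.

```shell
#!/bin/sh
# Constructed example: default-deny ipfw rules for a web server.
# WEB_USER (account httpd runs as) and RESOLVER are assumptions.
WEB_USER="${WEB_USER:-www}"
RESOLVER="${RESOLVER:-192.0.2.53}"

# Print the rules, one ipfw argument list per line.
ruleset() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from any to me 22 in setup keep-state
add 310 allow tcp from any to me 80 in setup keep-state
add 400 allow udp from me to ${RESOLVER} 53 out keep-state
add 500 deny log tcp from me to any out setup uid ${WEB_USER}
add 65000 deny log ip from any to any
EOF
}
# Rule 200 lets replies on accepted connections back out, so httpd still
# answers clients. Rule 500 logs any new outbound TCP connection opened by
# the web user; rule 65000 drops all other traffic, including connections
# to a listener that a compromised account starts on another port.
#
# To stop a later root compromise from rewriting the rules, raise the
# kernel securelevel in /etc/rc.conf (at level 3 ipfw rules are frozen):
#   kern_securelevel_enable="YES"
#   kern_securelevel="3"

# "sh ipfw-web.sh apply" loads the rules as root (use the console, since
# the flush drops existing state); with no argument they are only printed.
if [ "${1:-}" = "apply" ]; then
    ipfw -q -f flush
    ruleset | while read -r rule; do
        ipfw -q $rule   # unquoted on purpose: split into ipfw arguments
    done
else
    ruleset
fi
```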