Hi,

Yes, there are a couple of reasons this may be a bad idea:

The main one I can think of is that every piece of software you run on a box 
increases the risk that one of them may have a security vulnerability that 
could be leveraged to take over the machine.

Let's say your media centre is vulnerable to Shellshock and malicious code is 
injected into it. That code is now on a box that has a NIC on unfiltered public 
internet and could do anything. If it contains a privilege escalation hack, 
things get worse as it will be able to alter the firewall rules for the whole 
network, spoof DNS responses to direct your banking to phishing sites and so 
on. It may also grant its master remote access to your firewall.

Another issue is that, if you heavily load the firewall box with something like 
a heavyweight database, like the one your media centre may contain, it may 
affect your network throughput if the box gets bogged down.

We have a strictly enforced policy at work that forbids the installation of 
application software on any machine that has a security role. It also forbids 
any non-administrator user from being allowed to log on to any such machine. I 
think this rule is sensible.

Bests,
Paul.





Sent from my mobile device. Please excuse my brevity. 

-------- Original message --------
From: Leo <li...@fractal.me.uk> 
Date: 18/10/2014 14:48 (GMT+00:00)
To: Hampshire LUG <hampshire@mailman.lug.org.uk> 
Subject: [Hampshire] Firewalls 

Are there any downsides for using firewall boxes for other tasks as 
well, e.g. file server or media centres?

Leo

-- 
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------