On Fri, 2002-07-12 at 15:08, Steven Ackerman wrote:

> Which brings me to a question I've been wanting to ask for a long time.
>
> If you read firewall books, docs, lists, etc., people often say that you
> shouldn't run anything on your firewall box. No services, etc. So if I have
> one machine running iptables and I want to run squid or an NIDS or HIDS I
> should have a second machine for each "service". If I just have a home
> machine is it o.k. to run that stuff on it?
You might note that a lot of what you're considering is included in two popular Linux-based firewall distributions (note: one project [1] is a fork of the other [2] and I've included both links due to the interesting, and sometimes nasty, politics involved).

There are two security principles to consider here. The first is that complexity tends to promote insecurity. The second is that security is actually a process of assuming or mitigating risk. Let's look at them and see how they bounce off each other.

Our first principle involves complexity. The more complex a system is, the more possibilities there are for something to go wrong. This could take the form of a newly discovered vulnerability in a service. Or it could involve misconfiguration of a service, or of a supporting configuration such as a firewall, that presents a possible compromise of the entire system. This is why the best advice is to keep your firewall slim and trim. It should be a bastion host whose entire focus is acting as gatekeeper and sentry to your network. Anything outside of that role simply increases the chance that it will fail at its main task.

That concept is fine, but it is held in check by our second principle: security is about mitigating and assuming risk. Security discussions usually focus on the identification and mitigation of risk... and to some degree the Holy Grail of eliminating risk. What we don't talk about as much is assumption of risk. This makes sense, as assuming risk is a very subjective matter. It's rather easy to sit down and compare notes on, for example, SSH and come to a general consensus over how secure it is. It is a very personal choice to decide whether whatever risk SSH presents is acceptable considering the advantages it provides (my bias: SSH good).

One side note: everyone assumes risk whether they understand it or not. The problem is that many IT environments have assumed risks by default that they know nothing about.
A key part of the process I outlined is proper identification of risk so one can properly evaluate that risk and make an educated decision. With this in mind... you may decide to load up your home gateway / firewall with a number of services that provide valuable functionality, have a reasonably secure track record, and you feel comfortable configuring (and are willing to monitor and keep up-to-date). Or you might have a spare box sitting around that would make a fine secondary server and move some of those services to it instead (assuming the same level of functionality).

[1] http://www.ipcop.org
[2] http://www.smoothwall.org

-- 
.: Paul Hosking . [EMAIL PROTECTED]
.: InfoSec . 408.829.9402
.: PGP KeyID: 0x42F93AE9
.: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9
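The "proper identification of risk" step above, applied to the original question (squid, sshd and friends on the iptables box), comes down to knowing which listening services a WAN peer can actually reach and then admitting only what you have consciously decided to admit. The script below is an added example and is not part of the mailing-list post or of either firewall distribution it mentions. It parses `ss -tlnp`-style output (the sample is constructed), classifies each listener by the address it is bound to, and emits the kind of slim default-DROP INPUT chain that keeps LAN-facing services such as a proxy off the outside interface. The interface names and the gateway's addressing are assumptions about a hypothetical home gateway.

```python
"""Audit which listening TCP services on a Linux gateway are reachable
from the WAN side, and emit a minimal iptables INPUT chain for them.

Added example, not from the original post. Addresses, interface names
and the ss output below are constructed for a hypothetical home gateway.
"""
import re
from ipaddress import ip_address, ip_network

WAN_IF, LAN_IF = "eth0", "eth1"                      # assumed interface names
WAN_ADDR = ip_address("203.0.113.7")                 # assumed ISP-facing address
LAN_NETS = [ip_network("192.168.1.0/24")]            # assumed inside network
LOOPBACK = [ip_network("127.0.0.0/8"), ip_network("::1/128")]
WILDCARDS = {"0.0.0.0", "::", "*"}                   # "bound on every interface"

PROC_RE = re.compile(r'\("([^"]+)"')                 # process name in ss -p output

# Constructed `ss -tlnp` output for the hypothetical gateway.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=412,fd=3))
LISTEN  0       128     192.168.1.1:3128     0.0.0.0:*          users:(("squid",pid=910,fd=12))
LISTEN  0       128     127.0.0.1:53         0.0.0.0:*          users:(("dnsmasq",pid=501,fd=4))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=412,fd=4))
LISTEN  0       128     203.0.113.7:80       0.0.0.0:*          users:(("httpd",pid=1200,fd=6))
"""


def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, port = field.rsplit(":", 1)
    return host.strip("[]"), int(port)               # ss prints IPv6 as [::]:22


def scope_of(host):
    """Classify a bound address by who can reach it on this gateway."""
    if host in WILDCARDS:
        return "wan"                                 # every interface, WAN included
    addr = ip_address(host)
    if addr == WAN_ADDR:
        return "wan"
    if any(addr in net for net in LOOPBACK):
        return "local"
    if any(addr in net for net in LAN_NETS):
        return "lan"
    return "unknown"


def parse_ss(text):
    """Return one dict per LISTEN line: process, bound host, port, scope."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "LISTEN":
            continue                                 # header or non-listening socket
        host, port = split_local(fields[3])
        match = PROC_RE.search(line)
        entries.append({
            "proc": match.group(1) if match else "?",
            "host": host,
            "port": port,
            "scope": scope_of(host),
        })
    return entries


def wan_exposed(text):
    """Services a WAN peer could reach if no filtering rule stops it."""
    return sorted({(e["proc"], e["port"]) for e in parse_ss(text) if e["scope"] == "wan"})


def input_rules(text):
    """Slim INPUT chain: default DROP, then admit each service on the LAN side only.
    Loopback-only listeners need no rule; nothing is admitted on the WAN interface."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    reachable = sorted({(e["proc"], e["port"]) for e in parse_ss(text)
                        if e["scope"] in ("lan", "wan")})
    for proc, port in reachable:
        rules.append(f"iptables -A INPUT -i {LAN_IF} -p tcp --dport {port} -j ACCEPT  # {proc}")
    return rules


if __name__ == "__main__":
    for entry in parse_ss(SS_OUTPUT):
        print(f"{entry['proc']:<8} {entry['host']}:{entry['port']:<6} {entry['scope']}")
    print("\nreachable from WAN without a rule:", wan_exposed(SS_OUTPUT))
    print("\n".join(input_rules(SS_OUTPUT)))
```

The audit is the honest part of the exercise: sshd bound to 0.0.0.0 and [::] is on the WAN side whether or not you meant it to be, squid bound to the LAN address is not, and dnsmasq on loopback is nobody's concern but the box's own. Whether you then keep sshd reachable from outside is the "assumption of risk" decision the post describes; the generated chain takes the conservative position and admits it only via the inside interface.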
