> Are, or can, proxy based firewalls be less secure because they are
> running a proxy service?

Sure. There is always the potential that there is a flaw in the proxy code itself.

> If I just have a home machine is it o.k. to run that stuff on it?

Many times what you read about are ideal situations. Yes, in a perfect setup, it is nice to have a packet filtering firewall that has absolutely no services running on it. Then, for each service, you can create a separate machine (behind the packet filter) running appropriate proxy software for the service. Now all connections end up going through a proxy and a packet filter for additional security.

To answer your question, yes you can run services on your firewall, but you need to be aware of the risks. For example, if the firewall has to provide services to your internal hosts (e.g. DHCP) in addition to being a firewall, make sure those services which are only needed internally aren't exposed to the Internet (i.e. bind them to your internal interface).

I use a single packet filtering firewall at home that runs services. Due to various limitations (e.g. $$, limited IPs, etc.), it also acts as a DNS server for my domain as well as a mail server. I'm very careful about which software I put on it (e.g. I only run djbware).

> My scenario is just a home machine with a dialup connection. I'd like
> to run iptables, maybe squid for setup experience, nmap and maybe
> snort and tripwire. Not sure if snort is just NIDS or HIDS as well. If
> it does HIDS and NIDS then I would run it alone.

Sounds like a good learning experience to me. Just make sure to restrict services to your internal interface unless they're needed from the "outside".

Steve Bremer
NEBCO, Inc.
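A practical way to verify the advice above ("bind internal-only services to your internal interface") is to audit what is actually listening and flag anything internal-only that is bound to the wildcard address. The script below is an added example, not part of the original message: it parses the output of `ss -H -lntu` (a constructed sample is embedded so it runs offline), treats the hypothetical LAN address 192.168.1.1 plus loopback as internal, and for each exposed listener emits an iptables DROP rule on the external interface (assumed to be ppp0, as for a dialup link) as a stopgap until the daemon itself is rebound.

```python
"""Audit listening sockets and flag internal-only services bound to all interfaces.

Added example, not from the original message. Assumptions: the firewall's
internal LAN address is 192.168.1.1 (hypothetical), the external interface is
ppp0 (dialup), and `ss -H -lntu` is available when run on a real host.
"""
import ipaddress
import subprocess
from typing import List, NamedTuple, Set

# Ports for services that should never be reachable from the Internet on this box.
# 67 = DHCP server, 3128 = squid. DNS (53) and SMTP (25) are deliberately left out
# because the host in the thread serves them publicly.
INTERNAL_ONLY_PORTS: Set[int] = {67, 3128}

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0      192.168.1.1:53        0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:67        0.0.0.0:*
tcp   LISTEN 0      128    192.168.1.1:53        0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:25        0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:3128      0.0.0.0:*
tcp   LISTEN 0      128           [::]:22           [::]:*
"""


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


def parse_ss(output: str) -> List[Listener]:
    """Parse `ss -H -lntu` lines into (proto, local address, local port) tuples."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")          # split off the port only
        addr = addr.strip("[]").split("%")[0]            # drop IPv6 brackets / scope id
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def is_wildcard(addr: str) -> bool:
    """True if the socket accepts traffic on every interface (0.0.0.0, ::, or '*')."""
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return addr == "*"


def exposed_listeners(listeners: List[Listener], internal_only: Set[int]) -> List[Listener]:
    """Internal-only services that are bound to all interfaces, hence reachable externally."""
    return [l for l in listeners if l.port in internal_only and is_wildcard(l.addr)]


def iptables_rules(exposed: List[Listener], external_if: str = "ppp0") -> List[str]:
    """Stopgap DROP rules on the external interface; rebinding the daemon is the real fix."""
    return [
        f"iptables -A INPUT -i {external_if} -p {l.proto} --dport {l.port} -j DROP"
        for l in exposed
    ]


def audit(output: str) -> List[str]:
    """Run the whole check on one ss listing and return the suggested rules."""
    return iptables_rules(exposed_listeners(parse_ss(output), INTERNAL_ONLY_PORTS))


if __name__ == "__main__":
    try:
        listing = subprocess.run(["ss", "-H", "-lntu"], check=True,
                                 capture_output=True, text=True).stdout
    except (OSError, subprocess.CalledProcessError):
        listing = SAMPLE_SS_OUTPUT                       # offline fallback to the sample
    for l in exposed_listeners(parse_ss(listing), INTERNAL_ONLY_PORTS):
        print(f"EXPOSED: {l.proto}/{l.port} bound to {l.addr}")
    for rule in audit(listing):
        print(rule)
```

On the sample listing, DNS is correctly bound to the LAN address and SMTP/SSH are intentionally public, so only the DHCP server (udp/67) and squid (tcp/3128) are reported. The generated rules block those ports on ppp0, but the durable fix is to bind the daemons themselves to 192.168.1.1 so a missing or flushed firewall rule cannot expose them.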
