In-Reply-To: <[EMAIL PROTECTED]> Yes this is a good idea. I dont know about how your hardware firewall is setup but I assume its port forwarding capable seeing as you have a web server behind it. If you have additional ports opened up this may allow someone to compromise a machine on the inside. From this machine the web server can be compromised. Its a good idea to slap on even a light firewall blocking unessecary traffic to the web server. Just as a precaution.
--chris >Received: (qmail 22708 invoked from network); 25 Jun 2003 15:27:06 -0000 >Received: from outgoing3.securityfocus.com (205.206.231.27) > by mail.securityfocus.com with SMTP; 25 Jun 2003 15:27:06 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id 04FA5A38D9; Wed, 25 Jun 2003 09:11:23 -0600 (MDT) >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Received: (qmail 21137 invoked from network); 25 Jun 2003 06:20:38 -0000 >Date: Wed, 25 Jun 2003 02:24:46 -0400 (EDT) >From: Anish Basu <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Firewall on server itself >Message-ID: <[EMAIL PROTECTED]> >MIME-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII > >I am trying to set up a secure web server which will already be protected >by a dedicated harware firewall. The hardware firewall will be configured >to protect the web server as well other computers on the network. The >web server will be running Red Hat 9.0. Is there any reason to install >and configure firewall software such as IPTables on the web server itself? >Are there any advantaqes or disadvantages to having two firewalls set up >this way? > >Thanx in advance for any help. > > >************************************************************* >Anish Basu ([EMAIL PROTECTED]) >Chair Events and Programming >Co-Chair Internet Security >USACS, Undergraduate Student Alliance of Computer Scientists >http://usacs.rutgers.edu >************************************************************* > >-----BEGIN PGP PUBLIC KEY BLOCK----- >Version: GnuPG v1.2.1 (GNU/Linux) > >mQGiBD73j5cRBACZL6r2HapGwo05TAkgw3xGvkfWQl19010ucpiMECdJBI9KfgrK >/F9qUAcdKeJvJUSNVIDudfs+LKf8chpW3+uhH121m01PrlNKK+PU4BGlkEAMvmMw >UJaG1Qq37Vs9uw0Ar2bCzq8XDUdbSuJtv/AucTJW4gv30NIwnHYHSesKuwCglKXi >jAkwG0hXxFX33WqsX+OYffEEAJWhaF3VfXVgiz8xaWSNwatd8CKsZlknBnomJpen >TVdlsnl+18Nyl2VjRzcRimYJQdEKUQjpUfjrmOP1+OCPA1cvk46KMO2frdvbGRLs >PxWrxa60G7bJVpuw1LF1cTNAiFzQT3uaZzOIj+zZvntBPvi6dTgeqqt0G4T5fdhM >398bA/sHktmFOBtYMTFTbNF74HeMv1DfmRHjDygkpOS+ZZrdZUIv0VXSyPjwsVLY >zF+J8pzyxDVhD9gtTnlIUxGFW22S+PSvFDXPwB//Vrcux6ogfuAhpRjbrC5K1ED+ >sTzMNebZVaDAQvsCFhKlHoYlwMsUnOASDcrlTDPIe7h8rt/BkbQkQW5pc2ggQmFz >dSA8YW5pc2hiQGVkZW4ucnV0Z2Vycy5lZHU+iFkEExECABkFAj73j5cECwcDAgMV >AgMDFgIBAh4BAheAAAoJEFg2FXGIkwwyXpkAni1mKIaIF8xvQTII6U+5oas1Zhyc >AJ99GSjXgiVS7ED/dS+Ti9LPUuP1NLkBDQQ+94+cEAQApxgDaofLmhxouHOX0dPz >qitLgWwJUB5hTB1duFSdBGBVwAPSVLzE33UJiwiYr0L/lSJenfwh50FeavqyHSxE >M0ttF5/yP+7y1pmWMkxcBkntmKOPMNyC+ptV3TTK9geGcIxZyIx4sm631Pb3PNCf >2p7PrgsLYNJLktP4jERvw/cAAwUD/AkVM2zoMjPkZd7+BGrJeNzuTENq7m7xc1ur >v6fLWx+K0eNbfkKoyiLqVTTtSzX8CV2j/nu+Vwnfy/4Qr3KKdd1fg0W088FPPhQO >7ZqVS89lAePLNBHSrhS9Et63A74Qw58W/fS9UMVGvATrdRTqCXv5ru/yGLalqWTU >1yi8zSpViEYEGBECAAYFAj73j5wACgkQWDYVcYiTDDLACwCdHBAHf/UwoB8BsbDk >IGoZW0tuD7cAnRi5TN/irq9muS3jENqIJB+rquV0 >=od0b >-----END PGP PUBLIC KEY BLOCK----- > > >-------------------------------------------------------------------------- - >Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! >The Gartner Group just put Neoteris in the top of its Magic Quadrant, >while InStat has confirmed Neoteris as the leader in marketshare. > >Find out why, and see how you can get plug-n-play secure remote access in >about an hour, with no client, server changes, or ongoing maintenance. > >Visit us at: http://www.neoteris.com/promos/sf-6-9.htm >-------------------------------------------------------------------------- -- > > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
