On the first point, some servers do require that they be in the DMZ. DNS is one of those that works without being in the DMZ, but certain errors can crop up if it is setup that way. I have run many webservers with only port forwarding (not DMZ) and they have worked just fine. I believe that HTTP works well enough that there is no need to put your webserver in the DMZ if you do not want to. If I'm wrong on this point, would somebody please point out why this is not recommended as I have heard it too, but never heard a justification for it.
<br><br>On the second point, router firewalls are decent. They block unrequested inbound traffic and will generally stop anything that comes to your door knocking. The advantage of having a software firewall or enhanced firewall such as a Cisco PIX is that you can not only block inbound traffic, but you can also block outbound traffic. This can help in determining if someone or something has compromised your system and is trying "dial home" for any purpose. I have used a software firewall in the past to do this type of security, but for most home users, I find that it is overkill and can lead to more support calls then anything.
<br><br>jerry<br><br><div><span class="gmail_quote">On 11/28/05, <b class="gmail_sendername"><a href="mailto:afan@afan.net">afan@afan.net</a></b> <<a href="mailto:afan@afan.net">afan@afan.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="font-family: -moz-fixed; font-size: 13px;" lang="x-western">Hi,
<br>
I just had a talk about my home network and my web server at home and
people I talked to confused me about couple things.<br>
First, one said that setting up web server at home and NOT USING DMZ is
making a hole in my network and security system. He said that I HAVE
to use DMZ. <br>
On my modem's setting page though I found that I have to turn DMZ on
just in case I make server for special needs, like gaming server or
video conferencing. <br>
Do I really NEED DMZ turned "On"? My opinion is that I don't need it
for web server at home.
<br>
<br>
Second, other guy was almost laughing at me when I told him that ONLY
firewalls I use in home network are modem's and router's firewalls (I
have Web server on SuSE 9.2 and I have two Windows and one Mac computer
in network). He said that these are something like low-level,
low-secure firewalls and that I have to have something good!.
<br>
When I started using hi speed Internet access (first cable then DSL),
and I talked to people about firewalls, all of them told me the same:
my computers behind modem's and router's firewalls are REALLY safe. I
had some period of time Zone Alarm, but after one guy compared it as
"Having 2 spare wheels on car - it's better then one, but chances to
need them both are so small and not worth to carry 2nd one" - I took it
off.
<br>
What do you think?
<br>
<br>
-afan
<br>
<br>
<br>
</div>
<br>_______________________________________________<br>Cialug mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://cialug.org/mailman/listinfo/cialug" target="_blank">
http://cialug.org/mailman/listinfo/cialug</a><br><br><br></blockquote></div><br>