[Cialug] DMZ, router's firewall and web server's security...
Lee
leeh at csi-rics.com
Mon Nov 28 14:13:07 CST 2005
First, simply put, a DMZ is an open unrestricted port forwarder. You use
a DMZ to open yourself to incoming requests as required by the type of
server in use. Generally a web server is on a DMZ for ease of access. I
run a web server on a DMZ so that I can allow and deny access directly
on the server and not forward specific ports through the firewall.

Second, I find that being laughed at is often a sign of ignorance of the
one doing the laughing. Before you judge something like a firewall you
need to know a few things. What are you trying to protect? Are you
already a target? Do you plan to store sensitive data on an otherwise
public server? If so, then get a good hardware firewall. Another thing to
understand is how malicious access is gained. I have no figures to quote,
but many holes are opened not by low-grade firewalls but by end-users.
If it looks suspicious, don't click on, download or install it. Many
built-in (router) firewalls offer little more than port blocking,
packet filtering, basic DoS protection and a few others. And much of the
time this is all you need. Below is a good place to start when trying to
understand these things...

http://www.howstuffworks.com/firewall.htm

afan at afan.net wrote:
> Hi,
> I just had a talk about my home network and my web server at home and
> people I talked to confused me about a couple of things.
> First, one said that setting up web server at home and NOT USING DMZ
> is making a hole in my network and security system. He said that I
> HAVE to use DMZ.
> On my modem's setting page though I found that I have to turn DMZ on
> just in case I make server for special needs, like gaming server or
> video conferencing.
> Do I really NEED DMZ turned "On"? My opinion is that I don't need it
> for web server at home.
>
> Second, other guy was almost laughing at me when I told him that ONLY
> firewalls I use in home network are modem's and router's firewalls (I
> have Web server on SuSE 9.2 and I have two Windows and one Mac
> computer in network). He said that these are something like low-level,
> low-secure firewalls and that I have to have something good!
> When I started using hi speed Internet access (first cable then DSL),
> and I talked to people about firewalls, all of them told me the same:
> my computers behind modem's and router's firewalls are REALLY safe. I
> had some period of time Zone Alarm, but after one guy compared it as
> "Having 2 spare wheels on car - it's better than one, but chances to
> need them both are so small and not worth to carry 2nd one" - I took
> it off.
> What do you think?
>
> -afan
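Added example, not part of the original message or thread: a small audit of which TCP services on the server end up Internet-reachable when the router uses a DMZ host versus a single forwarded port, with and without a firewall on the server itself. The `ss -H -tln` sample output, the function names and the port lists are all constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output on a hypothetical home web server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
"""

def listening_ports(ss_output):
    """Return sorted TCP ports bound to a non-loopback (network-facing) address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        # Loopback-only services are never reachable through the router.
        if addr not in ("*", "") and ipaddress.ip_address(addr).is_loopback:
            continue
        ports.add(int(port))
    return sorted(ports)

def exposed(ports, router_mode, forwarded=(), host_allow=None):
    """Ports reachable from the Internet.

    router_mode "dmz":     router passes every inbound port to this host.
    router_mode "forward": router passes only the ports in `forwarded`.
    host_allow: ports accepted by the server's own firewall (None = no firewall).
    """
    if router_mode == "dmz":
        reach = set(ports)
    elif router_mode == "forward":
        reach = set(ports) & set(forwarded)
    else:
        raise ValueError("router_mode must be 'dmz' or 'forward'")
    if host_allow is not None:
        reach &= set(host_allow)
    return sorted(reach)

if __name__ == "__main__":
    ports = listening_ports(SAMPLE_SS)
    print("DMZ, no host firewall:   ", exposed(ports, "dmz"))
    print("DMZ, host allows 80 only:", exposed(ports, "dmz", host_allow=[80]))
    print("Forward port 80 only:    ", exposed(ports, "forward", forwarded=[80]))
```

With a DMZ host, every filtering decision sits on the server, so SSH and the Windows file-sharing ports in the sample stay exposed until the server's own firewall closes them.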