[Cialug] DMZ, router's firewall and web server's security...
Jeff Davis
jeff at dynamictelecard.com
Tue Nov 29 09:13:10 CST 2005
afan at afan.net wrote:
> Hi,
> I just had a talk about my home network and my web server at home and
> people I talked to confused me about couple things.
> First, one said that setting up web server at home and NOT USING DMZ is
> making a hole in my network and security system. He said that I HAVE to
> use DMZ.
> On my modem's setting page though I found that I have to turn DMZ on
> just in case I make server for special needs, like gaming server or
> video conferencing.
> Do I really NEED DMZ turned "On"? My opinion is that I don't need it for
> web server at home.
I run a web server in a DMZ, but its running IPtables, patched regularly,
and I also happen to wipe the machine and clean install a new distro
2 or 3 times a year. (Although I'm not recommending you go that far.
I use the clean install as a means trying out new flavors of linux.)
I'd recommend that you stick to port forwarding 80 instead of the DMZ.
> Second, other guy was almost laughing at me when I told him that ONLY
> firewalls I use in home network are modem's and router's firewalls (I
> have Web server on SuSE 9.2 and I have two Windows and one Mac computer
> in network). He said that these are something like low-level, low-secure
> firewalls and that I have to have something good!.
Is your router doing NAT and SPI? Are all your machines patched?
Do you run AV on your windows boxen?
If yes to all 3 then you're doing well so far.
Are you doing any unusual port forwarding and/or DMZ's with your router?
Do you run any banking or tax software on your PC's?
If you said yes to the first 3 and no to these then you're probably ok.
Unless you're paranoid or someone is targeting you for some reason.
> When I started using hi speed Internet access (first cable then DSL),
> and I talked to people about firewalls, all of them told me the same: my
> computers behind modem's and router's firewalls are REALLY safe. I had
> some period of time Zone Alarm, but after one guy compared it as "Having
> 2 spare wheels on car - it's better then one, but chances to need them
> both are so small and not worth to carry 2nd one" - I took it off
Most people are just checking their email and web surfing.
I'd say its more along the lines of why have 2 spares when all
you do is drive 3 blocks to church on sundays.
If you're driving through a construction zone where there's a lot
of nails or you are on a track racing then 2 spares makes sense.
.
> What do you think?
>
> -afan
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list