A few thoughts on firewalls and web servers

 
Brian



Joined: 21 Oct 2005
Posts: 209
Location: Puyallup, WA USA

Posted: Mon 25 Sep '06 23:33

Just a few thoughts on firewalls and web servers. I work in an environment, very corporate and quite an enterprise environment as well. All content is run through Web Marshall, a gateway / proxy appliance, and all servers are protected via hardware firewalls.

I do not believe in the use of software firewalls for anything beyond a home computer, and even then it is mostly a "feel good" purpose. The truth is that a software firewall can be defeated, but generally by means of a user on that machine in some way allowing the execution of code that quietly circumvents or defeats the software firewall. I have personally witnessed this taking place, but only with some level of interaction by a person on that machine logged in as an administrator.

On the other hand, if you filter the content, as you desire inbound and outbound by a high quality security appliance, you will be well served. For example, I use a router / firewall by ZyXel. Of course there are many good brands and models out there; this was my choice because of the very high quality that they are tested to. This allows me to set up rules for WAN to LAN, LAN to LAN, and LAN to WAN. This is powerful because you have far more control over the type of traffic you allow into your network, even when you allow it.

I do NOT run any software firewalls on any server I manage; I am strongly opposed to them. Another thought is that if you turn off every single service that is not needed, including NetBIOS, file and printer sharing, indexing services, and the plethora of other Windows services that are not needed, you potentially increase your security and likely server performance to at least some measurable degree.

In theory, you should not need a firewall at all: if there isn't anything listening on a given port, then there is no threat that can get through on that port. But if you are like me and you have a server connected through a network to other machines, then you will want the protection of a perimeter firewall, and maybe more.
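
The "nothing listening on a port" point above can be checked directly. The following is an added example, not part of the original post: it parses Windows `netstat -ano` output and reports every listener reachable from other machines on a port outside an allowlist. The sample output is constructed, and the allowlist (HTTP/HTTPS only) is an assumption about a web server's intended role.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2200
  TCP    [::]:443               [::]:0                 LISTENING       1234
  TCP    192.168.1.10:80        203.0.113.7:51234      ESTABLISHED     1234
  UDP    0.0.0.0:137            *:*                                    4
"""

# Assumption: this host is only meant to serve HTTP and HTTPS.
ALLOWED_PORTS = {80, 443}


def parse_listeners(text):
    """Return (proto, address, port, pid) for each listening or bound socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # an established connection is not a listener
        host, _, port = fields[1].rpartition(":")
        # UDP rows have no State column, so the PID is always the last field.
        listeners.append((fields[0], host.strip("[]"), int(port), int(fields[-1])))
    return listeners


def unexpected_exposure(text, allowed=ALLOWED_PORTS):
    """Listeners reachable from the network on ports outside the allowlist."""
    findings = set()
    for proto, host, port, pid in parse_listeners(text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # bound to localhost only: other machines cannot reach it
        if port not in allowed:
            findings.add((proto, host, port, pid))
    return sorted(findings, key=lambda row: (row[2], row[0]))


if __name__ == "__main__":
    for proto, host, port, pid in unexpected_exposure(SAMPLE):
        print(f"{proto} {host}:{port} (PID {pid}) is listening but not allowlisted")
```

In the sample, ports 135 (RPC endpoint mapper), 137 and 139 (NetBIOS) and 445 (SMB file sharing) are flagged. These are the services the post suggests turning off, and the PID column identifies which process owns each socket.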
roberts



Joined: 06 Mar 2007
Posts: 2

Posted: Tue 06 Mar '07 17:59

Hi,

Very useful; software firewalls are slow and cannot be believed.

All web site servers need to be protected via hardware firewalls.


Thanks.


PipoDeClown



Joined: 20 Dec 2005
Posts: 76

Posted: Wed 14 Mar '07 10:00

Software in "hardware firewalls" is called firmware.
It's all software. But it's on a _separated_ device.

So there could be a bug in that software that allows leaking data from WAN to LAN, bypassing the filter.

I'm using a _separated_ computer running a "software" firewall sitting between my modem and internal LAN. It manages traffic WAN-LAN-WLAN-DMZ...

You _need_ a firewall at least to keep your LAN traffic clean from outside noise. In small (home) networks just one integrated modem/router/firewall will suffice most of the time.

Just my 0,02€