[KLUG Members] http switching?

Bruce Smith members@kalamazoolinux.org
Mon, 27 Aug 2001 21:11:51 -0400


> I'm sure squid can do this. My question is, should a pure gateway service
> such as squid run on a firewall? (Especially for a small business as opposed
> to a home network.)

It's not a good idea.  If someone can break into your firewall, they
have access to your entire internal network.  The fewer services you
run on your firewall the better.

If you must run _internal_ services on it like squid, make sure you 
block access to all of its ports from the internet side.  Even with
the ports blocked, it's still not a good idea.

If you run internet services on your firewall (like sendmail, pop3,
imap, dns, http, ftp ...) then remember that the next time an exploit 
is found in one of those programs, someone could crack your firewall 
and have full access to all the nodes behind it.  Not a good idea!

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------
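
One way to check the advice above on a firewall host, as an added example that is not part of the original message: the function lists TCP listeners that are not confined to loopback or the internal address, so each line it prints is a service that stays unreachable from the internet side only as long as a packet-filter rule blocks it. The function name, the addresses (192.168.1.1 internal, 203.0.113.5 external) and the sample socket list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners on a firewall host that are not bound
# only to loopback or the internal (LAN) address.

# exposed_listeners INTERNAL_ADDR
# Reads `ss -H -ltn` output on stdin and prints "addr port" for every
# listener bound to a wildcard or to any address other than
# loopback / INTERNAL_ADDR.
exposed_listeners() {
    awk -v internal="$1" '
        $1 == "LISTEN" {
            # Field 4 is "local-address:port"; the port follows the last colon.
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Loopback and internal-only sockets are not reachable from outside.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == internal) next
            print addr, port
        }'
}

# Constructed sample of `ss -H -ltn` output (not from a real host).
# Assumed layout: 192.168.1.1 = internal side, 203.0.113.5 = internet side.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 192.168.1.1:3128 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 203.0.113.5:53 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
EOF
}

# On a live host: ss -H -ltn | exposed_listeners 192.168.1.1
sample_ss_output | exposed_listeners 192.168.1.1
```

In the sample, squid on 192.168.1.1:3128 is not reported because it is bound to the internal address only; the wildcard and external-address listeners are the ones that need a blocking rule or a narrower bind address.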