Firewall and email/file servers on same machine?

Firewalls should not be running anything not related to the firewall function. The more you install or run, the greater the possibility of a security risk. Ideally, you'd even forward VPN and SSH access to another box, rather than allow it on the firewall.

James Knott

Hi all,

I'm thinking of adding a Linux-based firewall to my home network, probably on a mini-ITX machine. I also need an email server and a file server that can be accessed via a VPN.

Is it better from a security point of view to have physically separate machines for the firewall and servers, or can these be in the same physical machine without compromising security? I've heard that physically separating them is good practice, but is there a genuine security reason or is this just a maintenance issue?

Thanks!

Mark.

markp

Yes.

Yes, there is a genuine security reason and that reads: 'Run as few (public) services as possible on a security device!' For any service offered by the box sooner or later an exploit might be found. What is not there cannot be exploited. Best is to run _no_ services on a firewall at all.

On the contrary, more machines mean more necessary effort for administration (installing patches, hardware maintenance etc.).

Wolfgang

Wolfgang Kueter
[snip]

I've recently moved, and shuffled the networking arrangements around thus:

outside world

Tim Haynes
