Question about firewalls.

From: Allan Schon <allanschon(at)mckinleymachinery.com>
Date: Wed May 21 2003 - 13:43:46 EDT

I have a quick question about basic network/firewall setup.

I am about to move into a new apartment, and am taking the opportunity to rethink the way I have my private network set up. I currently have a box running Slackware Linux v9.0 running iptables as the main firewall/gateway to my broadband connection. I also have web, mail, ssh, and a couple other servers running on that machine. My desktop computer runs WinXP, and my roommates each run Win98. I have a few extra boxes sitting in a closet collecting dust, and I was thinking about bringing them online.

Would I gain any security by dedicating one machine to firewall/NAT functionality and forwarding ports on to another host? The only advantage I can think of is that a root exploit on any of the services I allow through the firewall would essentially give the attacker free reign over my entire network, instead of just the single machine. The primary disadvantage is the one which my wallet will experiance, as keeping another machine running 24/7 will increase the electricity bill somewhat. Do you think that the real gain in security(if any) is worth the added cost?

--

Allan

---

Thinking About Security Training? You Can't Afford Not To!

Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now!
--UP TO 30% off classes in select cities--
http://www.securityfocus.com/Vigilar-security-basics

---

Received on Thu May 22 12:45:18 2003