|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [OT] What is more secure?
From: Andreas Kahari (andreas.kahari
gmail.com)
Date: Thu Feb 24 2005 - 07:39:26 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 24 Feb 2005 08:27:44 -0500, Melameth, Daniel D.
<dmelamethmba-cpa.com> wrote:
> Tomas wrote:
> > I'd like to ask you, as guys who know a lot of about security, this
> > question: what is more secure when dealing with web servers and
> > public ips. Is it more secure to give all of your public ips directly
>
> > to a web server and filter traffic with firewall, or is it better to
> > give all public ips to a firewall and only redirect http and https
> ports
> > to internal web server?
>
> Private IP addresses are designed to address the limited number of IPv4
> addresses--they are really not intended to bolster security and any good
> firewall should adequately secure your hosts. IMHO, stay away from
> private IPs if possible.
The first part of that last paragraph does not imply the second half
in any way. I think Tomas' second approach is good, simply from an
administrational point of view (uses fewer public IPs). Use private
IPs internally. Redirect from a firewall to the internal servers.
--
Andreas Kdhdri
1024D/C2E163CB
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]