Re: [OT] What is more secure?

From: Andreas Kahari (andreas.kaharigmail.com)
Date: Thu Feb 24 2005 - 07:42:05 CST


On Thu, 24 Feb 2005 13:39:26 +0000, Andreas Kahari
<andreas.kaharigmail.com> wrote:
> On Thu, 24 Feb 2005 08:27:44 -0500, Melameth, Daniel D.
> <dmelamethmba-cpa.com> wrote:
> > Tomas wrote:
> > > I'd like to ask you, as guys who know a lot about security, this
> > > question: what is more secure when dealing with web servers and
> > > public ips. Is it more secure to give all of your public ips directly
> > > to a web server and filter traffic with firewall, or is it better to
> > > give all public ips to a firewall and only redirect http and https
> > > ports to internal web server?
> >
> > Private IP addresses are designed to address the limited number of IPv4
> > addresses--they are really not intended to bolster security and any good
> > firewall should adequately secure your hosts. IMHO, stay away from
> > private IPs if possible.
>
> The first part of that last paragraph does not imply the second half
> in any way. I think Tomas' second approach is good, simply from an
> administrational point of view (uses fewer public IPs). Use private
> IPs internally. Redirect from a firewall to the internal servers.

BTW, did I say I knew anything about security? No? Good. So don't
sue me. A DMZ is probably the proper solution, like many point out.

--
Andreas Kähäri

1024D/C2E163CB