Re: web server + router on the same box

On 24 Mar 2007, in the Usenet newsgroup alt.os.linux, in article
<1174752206.861923.256060@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, scottnews@xxxxxxxxxxx
wrote:

I've started playing around with Linux and Apache lately

Inferred: not experienced

and am wondering if it would be secure to put a web server and wireless
router on the same box. Are there security risks?

Yes. How much depends on the amount of work you want to put in
to secure things.

Is it more conventional to put the router and server on their own boxes?

It's hardly uncommon - many users put everything (router, firewall,
server, workstation, and the kitchen sink) on the same box, often
because it's the only box they have or are willing to use. That doesn't
make it a good idea, but it's also not instantly fatal.

Would I recommend it? No. Anyone gaining access to even the tiniest
crack has access to everything. The more things you have running, the
more _potential_ exploits. That's why separate boxes are better.

I'll probably use Fedora Core and Apache. I'm not sure what router
application to use.

echo 1 > /proc/sys/net/ipv4/ip_forward

Boom - you got a router. Or with Fedora, in /etc/sysconfig/network you
set 'FORWARD_IPV4=' to 'true'. What you're really thinking of is a
_firewall_ and that's a different ball of wax. Again, the firewall is
built in to the kernel, and your choice is which of the many firewall
configuration tools you want to use. Literally, there are hundreds,
ranging from powdered plastic puppy poop up to tools adequate for a
commercial installation that worries about Sarbanes-Oxley Act level
controls, and everything in-between.

Would you recommend the one that comes with Fedora?

If you keep it up to date - sure, why not?

I'll be using an old 500 MHz Dell Inspiron. I'll have to buy a
wireless NIC for the the router side. Any recommendation for a NIC
that has an antenna on a cable?

news://alt.internet.wireless

Antenna on a cable is often bad news. Cable loss at 2.4 GHz is pretty
substantial, and you want to minimize that if at all possible. A far
better solution is a standalone access point that can be optimally
located, and connect that to your local box/LAN with UTP Cat5 cable.

Just pay attention to the security aspects. The vast majority of
wireless installations are wide open for anyone to exploit. They are
left in the default configuration with all security disabled because
it takes to much effort (a minute maximum for someone experienced,
a half hour for the mouth-breathers) to properly secure them.

Old guy
.

Relevant Pages

  • Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
    ... router does this automatically; they only permit traffic that's in reply to some previous outbound request. ... What security protection should I expect from: ... a software firewall ... The reason I ask this is that I have a Linksys wireless hub with a WEP ...
    (microsoft.public.windows.vista.security)
  • RE: Home Security.
    ... Subject: Home Security. ... I would suggest using linux as your router. ... Other than that, as long as you set your firewall up right, you ...
    (Security-Basics)
  • Re: CIV4 Continued crashes
    ... > If you're running behind a router, ... > extra firewall security you're running is redundant with a router. ... Haven't had a single virus or malware or infection. ...
    (comp.sys.ibm.pc.games.strategic)
  • Re: Rural broadband
    ... for the PC to router connection. ... PC's security while on internet. ... considerations and determination of antenna height. ... of installation and service easy to provide. ...
    (microsoft.public.windowsxp.general)
  • Re: Rural broadband
    ... Need it for the PC to router connection. ... Don't know...the installers looked after all of that. ... PC's security while on internet. ... considerations and determination of antenna height. ...
    (microsoft.public.windowsxp.general)