Re: Firewall and email/file servers on same machine?

From: markp (
Date: 01/16/05

Date: Sun, 16 Jan 2005 17:13:04 -0000

"Wolfgang Kueter" <> wrote in message
> markp wrote:
>> Is it better from a security point of view to have physically separate
>> machines for the firewall and servers,
> Yes.
>> or can these be in the same
>> physical machine without compromising security? I've heard that
>> physically
>> separating them is good practice, but is there a genuine security reason
>> or is this just a maintenance issue?
> Yes, there is a genuine security reason and that reads: 'Run as few
> (public)
> services as possible on a security device!' For any service offered by the
> box sooner or later an exploit might be found. What is not there cannot be
> exploited. Best is to run _no_ services on a firewall at all.
> On the contrary more machines means more neccessary effort for
> administration (installing patches, hardware maintainance etc.).
> Wolfgang

Thanks! I think that I'll set up a firewall only machine, and put other
stuff on another machine locally.