Re: Firewall and email/file servers on same machine?

From: markp (map.nospam_at_f2s.com)
Date: 01/16/05


Date: Sun, 16 Jan 2005 17:13:04 -0000


"Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
news:csb1b2$tbp$1@news.shlink.de...
> markp wrote:
>
>> Is it better from a security point of view to have physically separate
>> machines for the firewall and servers,
>
> Yes.
>
>> or can these be in the same
>> physical machine without compromising security? I've heard that
>> physically
>> separating them is good practice, but is there a genuine security reason
>> or is this just a maintenance issue?
>
> Yes, there is a genuine security reason and that reads: 'Run as few
> (public)
> services as possible on a security device!' For any service offered by the
> box sooner or later an exploit might be found. What is not there cannot be
> exploited. Best is to run _no_ services on a firewall at all.
>
> On the contrary more machines means more neccessary effort for
> administration (installing patches, hardware maintainance etc.).
>
> Wolfgang

Thanks! I think that I'll set up a firewall only machine, and put other
stuff on another machine locally.

Mark.