Security question

Felipe Alfaro Solana lkml at mac.com
Wed Apr 6 08:23:16 UTC 2005


On 5 Apr 2005, at 15:05, Sasa Stupar wrote:

>>> Hi!
>>>
>>> I want to hear your opinion on the following net configurations:
>>> 1. cablemodem -> router -> server in DMZ
>>> 				-> LAN users
>>> 2. cablemodem -> router/server -> LAN users
>>>
>>> Which one is more secure and what are the risks on each one?
>>>
>>> Regards,
>>> Sasa--
>> Sasa,
>>
>> a) What kind of server are we talking of?
>>
>> b) assuming it's a web- /mailserver, i would prefer version 1.
>> Is this a SOHO-installation with a small SOHO-Router? Be careful, as 
>> many
>> of them indicate a DMZ in the meaning, that they just forward all
>> incoming ports to a local machine (except the request from your lan of
>> course), but the server often has just his own local protection, as 
>> they
>> often exclude firewalling for DMZ-Computers
>>
>> c) i would never use a web- or mailserver as additional router to 
>> surf.
>> Advantage here: you would have the chance to install squid on it.
>>
>> Roger
>>
>
> Yes, it is a web/mail/samba server.
> For router I am thinking to use Smoothwall with three NIC's.

A Samba server in the DMZ? Why?




More information about the users mailing list