WebApp Sec mailing list archives

Re: What is more secure?

From: Harry de Grote <rik.bobbaers () cc kuleuven ac be>
Date: Mon, 28 Feb 2005 15:24:31 +0100

On Monday 28 February 2005 03:04, Tomas wrote:
My web server is on a Windows 2003 Server box with IIS 6 (that's my company's
policy and I can't do anything about it), so it's hardened to the point
Microsoft allows it to be :) and my firewall is an OpenBSD box (I love this OS
:) and of course it's hardened to the point my knowledge allows it to be :).

The network is so small (only a few servers, because it's a DMZ network)
and if I assume that the hacker is in it then I will assume that the hacker
is in the web server itself and there will be no point in protecting it...
So now I need to figure out which is more secure: to give all public IPs to
the web server and filter traffic with a bridging firewall, or to give all
public IPs to the firewall itself and only forward certain ports to the web
server with internal IPs. Blackhat wrote that it's more secure to give all
public IPs to the firewall and to forward ports to the web server's internal
IPs (sorry Blackhat if I understood you wrongly), but then the hacker will be
making his attack on the firewall and if he succeeds he will gain all access
to both networks: internal and DMZ. And if I give all public IPs to the web
server and make a bridging firewall then the hacker will be making his attack
directly on the web server and if he succeeds he will gain access to the web
server only. Or am I wrong... I'm a little confused here...

If a firewall only forwards ports, it is really hard to get hacked through
that port... I would give all the IPs to the OpenBSD firewall.

Why? I trust OpenBSD, and I don't trust M$. OpenBSD is a lot more solid when
it comes to security.

So if you want my opinion: BSD box gets all the IPs, two-way filtering of the
traffic, and the M$ boxes behind it can do nothing! (except maybe some
webserving ;))

Just my 2 cents

aka Rik Bobbaers

K.U.Leuven - LUDIT             -=- Tel: +32 485 52 71 50
Rik.Bobbaers () cc kuleuven ac be -=- http://harry.ulyssis.org

"OpenSSH:  Because you can't spell 'asshole' without 'ssh'"
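The layout Rik recommends (the OpenBSD box holds all the public IPs, only the web ports are forwarded to the IIS host, and traffic is filtered in both directions so a compromised web server cannot reach the internal LAN), written out as an added pf.conf example that is not part of the original thread. Interface names and addresses are assumed placeholders, and the rule syntax is that of current OpenBSD pf (4.7 and later), not the 2005 release.

```pf
# Added example, not from the thread: OpenBSD pf.conf for the layout where the
# firewall holds the public IPs and forwards only the web ports. Interfaces and
# addresses are placeholders; syntax is that of current OpenBSD pf (4.7+).
ext_if  = "em0"            # Internet-facing interface, carries the public IPs
dmz_if  = "em1"            # DMZ segment holding the IIS box
int_if  = "em2"            # internal LAN
web_pub = "203.0.113.10"   # public address the firewall answers on for the web server
web_dmz = "10.0.1.10"      # private address of the IIS box in the DMZ
table <internal> { 192.168.0.0/16 }

set skip on lo
set block-policy drop

# Default deny on every interface in both directions: nothing reaches the DMZ
# or the LAN unless a later rule passes it explicitly.
block log all
antispoof log quick for { $ext_if $dmz_if $int_if }

# The only inbound path from the Internet: TCP 80/443 to the public address,
# rewritten to the DMZ host. No other port on the web server is reachable.
pass in on $ext_if proto tcp from any to $web_pub port { 80 443 } \
    rdr-to $web_dmz
pass out on $dmz_if proto tcp from any to $web_dmz port { 80 443 }

# Two-way filtering, i.e. the "hacker is already on the web server" case:
# the DMZ host may never initiate anything towards the internal LAN, and may
# reach the Internet only for DNS and HTTP(S) (e.g. patch downloads).
block in log quick on $dmz_if from $web_dmz to <internal>
match out on $ext_if from $web_dmz nat-to $web_pub
pass in on $dmz_if proto { tcp udp } from $web_dmz to any port 53
pass in on $dmz_if proto tcp from $web_dmz to any port { 80 443 }

# Internal LAN: out to the Internet, and to the web server's service ports only
# (the pass out rule on $dmz_if above already limits it to 80/443).
match out on $ext_if from <internal> nat-to ($ext_if)
pass in on $int_if from <internal> to ! <internal>
pass in on $int_if proto tcp from <internal> to $web_dmz port { 80 443 }

# Everything the firewall forwards or originates towards the Internet.
pass out on $ext_if
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; the `log` keywords send the blocked DMZ-to-LAN attempts to pflog0, which is the signal you want to watch if the web server is ever compromised.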
