SCO Unix as a firewall?

Can I use SCO Unix as a firewall?

Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server?

A firewall should be a standalone machine; it shouldn't serve mail, web or anything else. The internal machines should be hardened as much as possible too, but the first line of defense should be entirely separate. If you are really paranoid, have multiple firewalls: it's so cheap to do nowadays that anyone who has any reason to be concerned about security has no reason not to. Used hardware perfectly capable of serving as a Linux or BSD firewall can be had for next to nothing, sometimes just for the effort of going to pick it up!

It's also not a bad idea to use different OSes: maybe a nice BSD firewall exposed, an internal Linux firewall, and maybe the SCO machine being the gateway for the Windows boxes, which in turn are made as secure as they can be, or whatever. The point is that security exploits are often OS-specific; having multiple OSes may not protect you, but it can't hurt, and it's cheap. The only real downside is that you have to keep current with exploits for multiple operating systems, but even that isn't all that onerous nowadays.

And if your needs really are serious, then you should probably have some commercial products mixed in there too. It's a simple "what could it cost me if" analysis that too few companies bother to do.

But having a production server protect itself? Very shortsighted. Again, yes, it SHOULD protect itself as much as humanly possible, but it should not be dangling out there exposed. Not nowadays, when it's so inexpensive to have better schemes.




© Tony Lawrence


