SCO Unix as a firewall?
Can I use SCO Unix as a firewall?
Given the current cost of hardware and the availability of Linux software,
why on earth would you want to run a firewall on a production server?
A firewall should be a stand alone machine- it shouldn't serve mail, web or
anything else. The internal machines should be hardened as much as possible
too, but the first line of defense should be entirely separate. If you are
really paranoid, have multiple firewalls- it's so cheap to do nowadays that
anyone who has any reason to be concerned about security has no reason not
to. Used hardware perfectly capable of being Linux or BSD firewalls can be
had for next to nothing- sometimes just for the efort of going to pick it up!
It's also not a bad concept to use different OS'es- maybe a nice BSD firewall
exposed, an internal Linux firewall, and maybe the SCO machine being the
gateway for the Windows boxes which in turn are made as secure as they can
be- or whatever. The point is that security exploits are often OS specific;
having multiple OSes may not protect you but it can't hurt, and it's cheap.
The only real downside is that you have to keep current with multiple
exploits, but even that isn't all that onerous nowadays.
And if your needs really are serious, then you should probably have some
commercial products mixed in there too- it's a simple "what could it cost me
if" analysis that too few companies bother to do.
But having a production server protect itself? Very shortsighted- again,
yes, it SHOULD protect itself as much as humanly possible, but it should not
be dangling out there exposed. Not nowadays, when it's so inexpensive to
have better schemes.
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Tony Lawrence
Find me on Google+
© 2013-07-25 Tony Lawrence