# # 10 or more reasons why production servers shouldn't have external interfaces
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Why Production servers shouldn't have external interfaces

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© December 2002 Tony Lawrence

People sometimes want to use their application servers as firewalls. This seems attractive at first glance: slap in another network card, add some packet filtering, tighten the system down a bit and connect it to the outside world. Cheap and quick, but a very bad idea.

Production servers should never be firewalls. That doeesn't mean that you should neglect security on these servers; you should in every respect treat them as though they were wide open to the big bad world, but they never should be. Do run packet filters, tcp wrappers, and intrusion detection software. Eliminate unneeded services, and keep your systems up to date with security patches. But have a separate firewall.

Why do I say this? There are many reasons.


The potential for trouble is just too great. Have a separate firewall. Even better, run multiple levels of firewalls: hardware is very cheap today.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> 10 or more reasons why production servers shouldn't have external interfaces


Inexpensive and informative Apple related e-books:

Take Control of IOS 11

Take Control of iCloud

El Capitan: A Take Control Crash Course

Take Control of Parallels Desktop 12

Take Control of the Mac Command Line with Terminal, Second Edition





More Articles by © Tony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





The real problem is that programmers have spent far too much time worrying about efficiency in the wrong places and at the wrong times; premature optimization is the root of all evil (or at least most of it) in programming. (Donald Knuth)




Linux posts

Troubleshooting posts


This post tagged:

Administration

Networking

Opinion

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode