APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Why Production servers shouldn't have external interfaces


© December 2002 Tony Lawrence

People sometimes want to use their application servers as firewalls. This seems attractive at first glance: slap in another network card, add some packet filtering, tighten the system down a bit and connect it to the outside world. Cheap and quick, but a very bad idea.

Production servers should never be firewalls. That doesn't mean that you should neglect security on these servers: in every respect you should treat them as though they were wide open to the big bad world, even though they never should be. Do run packet filters, TCP wrappers, and intrusion detection software. Eliminate unneeded services, and keep your systems up to date with security patches. But have a separate firewall.

Why do I say this? There are many reasons.


The potential for trouble is just too great. Have a separate firewall. Even better, run multiple levels of firewalls: hardware is very cheap today.
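One way to check a production server against this rule is sketched below. It is an added example, not code from the original article. It flags any interface address outside the usual internal ranges and reports whether IPv4 forwarding is on. The function names, the list of internal ranges and the sample `ip -o addr show` output are assumptions made for illustration.

```python
import ipaddress

# Ranges treated as internal (assumption): RFC 1918, loopback, link-local, IPv6 ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]

# Constructed sample of `ip -o addr show` output; 203.0.113.0/24 is a documentation range.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \\       valid_lft forever preferred_lft forever
3: eth1    inet 203.0.113.10/29 brd 203.0.113.15 scope global eth1\\       valid_lft forever preferred_lft forever
"""

def external_addresses(ip_output):
    """Return (interface, address) pairs whose address is outside INTERNAL_NETS."""
    found = []
    for line in ip_output.splitlines():
        fields = line.split()
        # Expected fields: index, interface name, family, address/prefix, ...
        if len(fields) < 4 or fields[2] not in ("inet", "inet6"):
            continue
        addr = ipaddress.ip_interface(fields[3]).ip
        if not any(addr in net for net in INTERNAL_NETS):
            found.append((fields[1], str(addr)))
    return found

def audit(ip_output, ip_forward):
    """ip_forward is the content of /proc/sys/net/ipv4/ip_forward ("0" or "1")."""
    findings = [f"{ifname} has external address {addr}"
                for ifname, addr in external_addresses(ip_output)]
    if ip_forward.strip() == "1":
        findings.append("IPv4 forwarding is enabled: host can route between its networks")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_IP_OUTPUT, "1"):
        print("WARNING:", finding)
```

On a live Linux host, pass in the real output of `ip -o addr show` and the content of `/proc/sys/net/ipv4/ip_forward` instead of the sample values.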

