|
|||
Is this secure?
Today I'm using a NetGear router/firewall to secure my LAN. On the inside I have a number of clients and a fileserver which I access via SSH.
I am planning to reduce the pile of equipment and save some energy at the same time. To achive this I am thinking about having one single machine hosting both firewall and fileserver. Using OpenBSD with PF and two network adapters this is of course techically possible, but is the solution equally secure as my current setup? I do not doubt that OpenBSD/PF is able to do a job even better than NetGear (if I set it up correctly) but what about having SSH-access from Internet directly into my firewall? |
|
|||
Two machines = two different systems to break in for a potential attacker. Even if your gateway becomes compromised, your file server will survive.
One machine = two different users to break in. For some people it is equal to the previous scenario, but IMHO breaking in a local user using some sort of local exploit is a hundred times easier than to attack a new system. So using one machine is not secure as using two machines. But it is cheaper and simplier. So it is up to you to decide if you need so high-level of security. For a home/neighbourhood network I'd prefer one machine in order to reduce cost. |
|
|||
Quote:
|
|
|||
Thanks both of you!
BSDfan666: I need to access my fileserver from outside home, consequently the firewall would end up with a door to the outside world. |
|
|||
Quote:
If not, then.. disable password authentication and then use a public key approach. Note; security through obscurity is always frowned upon.. but you could use an alternate port.. weed out some automated bots. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
how to secure my ftp? | milo974 | OpenBSD Security | 3 | 4th August 2009 03:47 PM |
I would like to secure a system | kungfujesus | OpenBSD Security | 4 | 28th September 2008 04:30 PM |
secure ssh with public key | milo974 | OpenBSD Security | 11 | 9th July 2008 04:52 PM |
obsd 4.3 secure ssh use | milo974 | OpenBSD Security | 9 | 3rd July 2008 11:23 AM |
How secure are apps that using RPC portmapping? | aleunix | OpenBSD Security | 4 | 9th June 2008 05:53 PM |