Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Does It Need a Firewall?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
DancesWithWords
Guru
Guru


Joined: 29 Jun 2002
Posts: 347
Location: ottawa, canada

PostPosted: Sat Feb 20, 2016 1:09 am    Post subject: Does It Need a Firewall? Reply with quote

I've a small home webserver that has relied on a router firewall to protect it for a number of years. I'm am not sure if it is dumb luck or the fact the router firewall is works well that it has never been hack. My question is: does this webserver need to have it own firewall or can I continue to trust my webservers security to the routers firewall?


=====
DWW
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21490

PostPosted: Sat Feb 20, 2016 1:31 am    Post subject: Reply with quote

Most home routers tend to firewall as a side effect of NAT, if not otherwise configured. I do not like to rely on closed "consumer" grade devices for this sort of protection since I do not trust the vendor to do a good job.

Whether you need separate protection depends in part on the worst case scenario if a malicious user did connect to your home webserver. What can he/she do with it? For example, does it have permission to modify the system, either installing or deleting files? Could the malicious user download files you do not want to share with the world (medical, financial, etc.)? If the worst case is a scenario you consider acceptable, then no further protection is necessary. Otherwise, I would suggest you at least perform a structured investigation of whether your success so far has been, as you say "dumb luck" or if the router is adequate protection. You may conclude that no further changes are needed, but you should make that conclusion based on research, not guess work from people who do not even know your current configuration. If you need hints about how to investigate, please ask. Someone can likely provide guidance.
Back to top
View user's profile Send private message
DancesWithWords
Guru
Guru


Joined: 29 Jun 2002
Posts: 347
Location: ottawa, canada

PostPosted: Sat Feb 20, 2016 2:09 am    Post subject: Reply with quote

Hu wrote:
Most home routers tend to firewall as a side effect of NAT, if not otherwise configured. I do not like to rely on closed "consumer" grade devices for this sort of protection since I do not trust the vendor to do a good job.

Whether you need separate protection depends in part on the worst case scenario if a malicious user did connect to your home webserver. What can he/she do with it? For example, does it have permission to modify the system, either installing or deleting files? Could the malicious user download files you do not want to share with the world (medical, financial, etc.)? If the worst case is a scenario you consider acceptable, then no further protection is necessary. Otherwise, I would suggest you at least perform a structured investigation of whether your success so far has been, as you say "dumb luck" or if the router is adequate protection. You may conclude that no further changes are needed, but you should make that conclusion based on research, not guess work from people who do not even know your current configuration. If you need hints about how to investigate, please ask. Someone can likely provide guidance.


I appreciate your observations.

I my configuration is:

Dell Precision 650
Intel(R) Xeon(TM) CPU 3.20GHz
6Gb Ram
Nvidia Quadro 3400 video card
1Tb HDD

Apache 2.2.31
Mysql 5.6.29
PHP 5.5.24


Its primary function is a web gallery for all my photos.

router is:
Cisco E3200 Dual Band with current firmware

======
DWW
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum