View previous topic :: View next topic |
Author |
Message |
DancesWithWords Guru
Joined: 29 Jun 2002 Posts: 347 Location: ottawa, canada
|
Posted: Sat Feb 20, 2016 1:09 am Post subject: Does It Need a Firewall? |
|
|
I've a small home webserver that has relied on a router firewall to protect it for a number of years. I'm am not sure if it is dumb luck or the fact the router firewall is works well that it has never been hack. My question is: does this webserver need to have it own firewall or can I continue to trust my webservers security to the routers firewall?
=====
DWW |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21635
|
Posted: Sat Feb 20, 2016 1:31 am Post subject: |
|
|
Most home routers tend to firewall as a side effect of NAT, if not otherwise configured. I do not like to rely on closed "consumer" grade devices for this sort of protection since I do not trust the vendor to do a good job.
Whether you need separate protection depends in part on the worst case scenario if a malicious user did connect to your home webserver. What can he/she do with it? For example, does it have permission to modify the system, either installing or deleting files? Could the malicious user download files you do not want to share with the world (medical, financial, etc.)? If the worst case is a scenario you consider acceptable, then no further protection is necessary. Otherwise, I would suggest you at least perform a structured investigation of whether your success so far has been, as you say "dumb luck" or if the router is adequate protection. You may conclude that no further changes are needed, but you should make that conclusion based on research, not guess work from people who do not even know your current configuration. If you need hints about how to investigate, please ask. Someone can likely provide guidance. |
|
Back to top |
|
|
DancesWithWords Guru
Joined: 29 Jun 2002 Posts: 347 Location: ottawa, canada
|
Posted: Sat Feb 20, 2016 2:09 am Post subject: |
|
|
Hu wrote: | Most home routers tend to firewall as a side effect of NAT, if not otherwise configured. I do not like to rely on closed "consumer" grade devices for this sort of protection since I do not trust the vendor to do a good job.
Whether you need separate protection depends in part on the worst case scenario if a malicious user did connect to your home webserver. What can he/she do with it? For example, does it have permission to modify the system, either installing or deleting files? Could the malicious user download files you do not want to share with the world (medical, financial, etc.)? If the worst case is a scenario you consider acceptable, then no further protection is necessary. Otherwise, I would suggest you at least perform a structured investigation of whether your success so far has been, as you say "dumb luck" or if the router is adequate protection. You may conclude that no further changes are needed, but you should make that conclusion based on research, not guess work from people who do not even know your current configuration. If you need hints about how to investigate, please ask. Someone can likely provide guidance. |
I appreciate your observations.
I my configuration is:
Dell Precision 650
Intel(R) Xeon(TM) CPU 3.20GHz
6Gb Ram
Nvidia Quadro 3400 video card
1Tb HDD
Apache 2.2.31
Mysql 5.6.29
PHP 5.5.24
Its primary function is a web gallery for all my photos.
router is:
Cisco E3200 Dual Band with current firmware
======
DWW |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|