Maybe I've read this wrong, but it seems stupid to configure two firewalls the exact same way, because if someone gets through the first one, they can simply do the exact same thing again and get in the second one... And having two firewalls for "redundancy" is kind of stupid. If you want machines protected like that, get a cheap D-Link router like I have, which has a built-in firewall, then get a D-Link DSD150 like I have, and now you have two firewalls. As for web servers, unless you're running Windows, you could very easily set up iptables if it's Linux, to drop everything that's not web traffic, and if it's BSD, use their IPFilters to drop everything that isn't web traffic, and call it a day.

I just got a DSD150 for 9.99 US dollars. They were on sale instead of the 90 dollars they normally sell for.

If you're good enough at kernel coding, you can also do what most high-target places do and just hack the server into the kernel, shut off everything else, and drop all services so you basically have nothing more than a kernel and a shell to talk to it, and the web server is built in, so even if they attempt exploits they won't work. Some porn companies do this by paying people, and the government does this too, because you've essentially made a kernel that will drop any activity that's not web related, so nothing gets through it. The kernel itself drops everything, and I don't know of anyone who can break that, considering any traffic you send is dropped unless you're using a web browser to look at port 80. Set that up and no one's going to see anything you don't let them see.

Just remember that screwing up a configuration is one of the biggest ways someone gets in anyway. That's how Windows is so easy to break: people assume point and click means easy, so they set up what they knew how to click on and left everything else alone. Which in turn means they didn't configure it properly and someone else can get in. When you do it by hand and everything is closed by default, it's harder to screw up since you have to tell it what to actually let through.
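
The "drop everything that's not web traffic" and "closed by default" setup mentioned in the post, as an added example that is not part of the original post: it generates a default-deny ruleset in `iptables-restore` format and audits a ruleset for ports that were opened beyond the intended list. The function names and the choice of ports 80 and 443 are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the post). Assumptions: Linux with iptables, IPv4 only
# (IPv6 needs the same rules via ip6tables-restore), and no SSH rule because
# management is assumed to happen on the console or a separate interface.
# Dry run as root:  gen_web_ruleset 80 443 | iptables-restore --test

# gen_web_ruleset PORT...  -> prints an iptables-restore ruleset on stdout
gen_web_ruleset() {
  local p
  [ "$#" -gt 0 ] || { echo "usage: gen_web_ruleset PORT..." >&2; return 2; }
  for p in "$@"; do
    # Reject anything that is not a plain TCP port number (1-65535).
    case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 2;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 2; }
  done
  echo '*filter'
  echo ':INPUT DROP [0:0]'     # closed by default
  echo ':FORWARD DROP [0:0]'   # a web server does not route packets
  echo ':OUTPUT ACCEPT [0:0]'
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  for p in "$@"; do
    echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo 'COMMIT'
}

# audit_ruleset FILE PORT...  -> 0 only if the INPUT policy is DROP, no ACCEPT
# rule lacks a --dport match (loopback and ESTABLISHED rules excepted), and the
# set of accepted --dport values equals the expected port list.
audit_ruleset() {
  local file=$1 allowed opened; shift
  grep -q '^:INPUT DROP' "$file" || { echo "INPUT policy is not DROP" >&2; return 1; }
  if grep '^-A INPUT .*-j ACCEPT' "$file" \
      | grep -v -e '--dport' -e '-i lo ' -e 'ESTABLISHED' | grep -q .; then
    echo "broad ACCEPT rule present" >&2; return 1
  fi
  allowed=$(printf '%s\n' "$@" | sort -un)
  opened=$(sed -n 's/^-A INPUT .*--dport \([0-9:]*\) .*-j ACCEPT$/\1/p' "$file" | sort -un)
  [ "$opened" = "$allowed" ] || { echo "open ports differ from expected: $opened" >&2; return 1; }
}
```

Running `audit_ruleset` against the output of `iptables-save` after later hand edits catches the misconfiguration case the post warns about, such as a port or a blanket ACCEPT that was added and never removed.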