Greetings Aza,
> 1. When reading abount packet filtering and proxies,
> everybody says that a proxy gives more security than
> (stateful) packet filtering. Can you explain why?
It appears that all the responses so far have verged on philosophical
or theological answers. They did explain why . . . but personally,
I like to run both at the same time, in addition to TCP wrappers. It may
be overkill and slow down the connection a bit, but I have two levels
of security on outgoing connections (packet filtering and proxy services)
and two levels on incoming connections (packet filtering and wrappers).
This also gives me verbose logging for both incoming and outgoing
connections.
> 2. When testing my server by online port scanners, I
> don't see any difference when I turn on or off the
> firewall. Is it always necessary to use a firewall, when
> only using www (outbound; no webserver in network)?
I would always use a firewall with an internet connection. You have told
the world what your network consists of and although I don't know what
vulnerabilities there may be for Novell Netware 5, I am sure that the
wily hackers know. Without a firewall, you are giving the world open
access to your network.
> (I'm using a Windows workstation and do www via a Novell NetWare 5 server,
> running NAT). In that situation (only outbound www), there are no open
> ports, aren't they? Then it's impossible to connect to any port on my
> Novell-machine?
Bob Gerrish
Unix Systems Administrator
Trim Systems, LLC
Seattle, WA
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
