Can I use SCO Unix as a firewall?
Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server?
A firewall should be a stand alone machine- it shouldn't serve mail, web or anything else. The internal machines should be hardened as much as possible too, but the first line of defense should be entirely separate. If you are really paranoid, have multiple firewalls- it's so cheap to do nowadays that anyone who has any reason to be concerned about security has no reason not to. Used hardware perfectly capable of being Linux or BSD firewalls can be had for next to nothing- sometimes just for the efort of going to pick it up!
It's also not a bad concept to use different OS'es- maybe a nice BSD firewall exposed, an internal Linux firewall, and maybe the SCO machine being the gateway for the Windows boxes which in turn are made as secure as they can be- or whatever. The point is that security exploits are often OS specific; having multiple OSes may not protect you but it can't hurt, and it's cheap. The only real downside is that you have to keep current with multiple exploits, but even that isn't all that onerous nowadays.
And if your needs really are serious, then you should probably have some commercial products mixed in there too- it's a simple "what could it cost me if" analysis that too few companies bother to do.
But having a production server protect itself? Very shortsighted- again, yes, it SHOULD protect itself as much as humanly possible, but it should not be dangling out there exposed. Not nowadays, when it's so inexpensive to have better schemes.
Got something to add? Send me email.
More Articles by Tony Lawrence © 2013-07-25 Tony Lawrence