  1. #1

    What's the point in firewalls?

    Why does a web host need a firewall?

    The point of a firewall is to stop people accessing machines, right? But a web host runs servers that need to be accessed by all, and are most likely in public IP address ranges.

  2. #2
    Join Date
    Jul 2002

    Well... multiple reasons....

    You say people need access... yes... but you don't want to let them have any control over your server... (do you?!?!?!)

    A firewall helps in the prevention of people trying to get access to your server on certain ports...

    However... remember a firewall cannot stop you being hacked... just adds another layer of protection to make it harder (in theory)

  3. #3
    You can keep people from portscanning your machines and only allow mail, ftp, ssh, and web. This keeps the machines from having to respond to portscans, and lets the firewall just drop them. Without a firewall, it is a lot easier to DoS a machine by filling up its connection table.

  4. #4
    Schumie: Surely you can just not leave the ports open? How does a firewall do this any better than the server itself?

    bambenek: If that's the case, then why do hosts pay for firewalls such as PIXes, when a decently configured *nix box could do it?

  5. #5
    Join Date
    Dec 2001
    Detroit, MI

    Having a firewall separate from your servers prevents anyone from running their own server applications without authorization by the host. A common example is that anyone can start an IRC daemon, but if port 6667 is blocked then it will do them no good.

    Most smaller hosts don't pay for expensive firewalls like PIX, Netscreen, or Checkpoint, and are perfectly content letting the servers do the work via ipfw or ipchains/tables.

  6. #6
    So why don't big hosts just block the ports on their servers?

  7. #7
    Join Date
    Dec 2001
    Detroit, MI
    It's much easier to have it all blocked at one device. When you control hundreds of servers, you don't want to mess with firewall configurations on each one, or the overhead involved.

    Good firewall devices/servers offer a lot more than your generic ipfw and iptables stuff as well, like advanced logging, SPI, VPN access, etc.

  8. #8
    Thanks for the replies so far. Still trying to work this out in my head though :-)

    Fair enough, so it's a matter of convenience.

    The only thing that a firewall would bring to a host, then, is being able to stop servers (IRC servers for example) being run on the servers?

    As for VPNs, they don't seem important in a hosting environment, and what does SPI bring if you're quite deliberately wanting to allow connections in?

  9. #9
    Join Date
    Dec 2000
    Leesburg, VA
    Originally posted by dannyboy

    As for VPNs, they don't seem important in a hosting environment,
    Not true, VPNs are very important in the enterprise hosting environment. Larger hosting companies often have clients run VPNs to their servers. The VPNs are used to update content, synchronize databases, and provide secure access to remotely hosted corporate intranets.

    VPNs are also important if someone is using a hosting data center as a disaster recovery location.

  10. #10
    Join Date
    Apr 2001
    St. Louis, MO
    As for VPNs, they don't seem important in a hosting environment
    Actually, we have several customers who we have set up VPNs for so they can access/update their systems securely.
    Mike @ 1-877-4-XIOLINK
    Advanced Managed Microsoft Hosting
    "Your data... always within reach"

  11. #11
    Join Date
    Nov 2001
    To me it all depends on who you are, and what you do with the server/machine.
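
An added example, not part of the thread or any poster's code: the allow-list policy described in posts #3 and #5 (permit only mail, ftp, ssh and web, so a daemon started on port 6667 receives no traffic), written as a generator for an `iptables-restore` ruleset on a separate gateway. The interface name `eth0`, the port list and the `fw-drop: ` log prefix are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: a Linux gateway in
# front of the servers, iptables with conntrack, eth0 facing the Internet.
WAN_IF="eth0"              # assumed Internet-facing interface
ALLOWED_TCP="21 22 25 80"  # ftp, ssh, mail (smtp), web, as listed in post #3

# Print an iptables-restore ruleset that forwards only the given TCP ports.
# Every port is validated first, so a bad list never yields a partial ruleset.
gen_rules() {
    for p in $1; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    echo "*filter"
    # The gateway's own INPUT/OUTPUT policy is out of scope for this sketch.
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"   # default deny: unlisted ports get no reply
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies belonging to connections that were already allowed in.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
    for p in $1; do
        echo "-A FORWARD -i $WAN_IF -p tcp --syn --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else, e.g. a daemon someone started on 6667, falls through to
    # the DROP policy; log a rate-limited sample so scans remain visible.
    echo "-A FORWARD -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix \"fw-drop: \""
    echo "COMMIT"
}

# Print the ruleset; check it with "iptables-restore --test" before loading.
gen_rules "$ALLOWED_TCP"
```

As written, the ruleset also drops connections the servers initiate outbound, and FTP data channels unless a conntrack FTP helper marks them RELATED; add rules for those as needed.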
