* Colocated server
@ 2004-06-26 14:29 Kevin de Kok
2004-06-26 15:01 ` Antony Stone
2004-06-27 6:52 ` Marek Dohojda
0 siblings, 2 replies; 3+ messages in thread
From: Kevin de Kok @ 2004-06-26 14:29 UTC (permalink / raw)
To: netfilter
Hi all,
I have a server colocated at a isp. Do need to install some kind of
firewall? The isn't in a network but just connected to the internet.
With the services on it what are needed.
greetings,
Kevin de Kok.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Colocated server
2004-06-26 14:29 Colocated server Kevin de Kok
@ 2004-06-26 15:01 ` Antony Stone
2004-06-27 6:52 ` Marek Dohojda
1 sibling, 0 replies; 3+ messages in thread
From: Antony Stone @ 2004-06-26 15:01 UTC (permalink / raw)
To: netfilter
On Saturday 26 June 2004 3:29 pm, Kevin de Kok wrote:
> Hi all,
>
> I have a server colocated at a isp. Do need to install some kind of
> firewall? The isn't in a network but just connected to the internet.
> With the services on it what are needed.
1. Who has to rebuild the machine if it gets trashed by an attacker?
2. Who gets held responsible if it's used to launch an attack elsewhere?
3. Who cares about any data which is held on the machine?
4. What are the legal obligations (under how many jurisdictions?) regarding
any personal data held on the machine?
5. What services does the machine provide and how confident are you that they
have no vulnerabilities (note: I did not say published or patched
vulnerabilities)?
Other things to think about related to the above, but specifically because the
machine is colocated at an ISP:
1. Do you trust the other customers of the ISP, whose equipment is
(presumably) next to yours in a rack?
2. Does the ISP take responsibility for protecting their own equipment, or
will they come after you if someone sends out an attack from your server?
3. How does the ISP bill you for services - could a compromise on your machine
which results in large amounts of data transfer, land you with a big bill?
Finally, you need to think about what possibilities you are worried about, and
whether a firewall (packet filtering or otherwise) is a suitable solution.
At the very least I would choose to put some network monitoring / intrusion
detection / host hardening / file integrity checking onto the machine, so
that even if I couldn't prevent a problem, I'd know about it as soon as
possible.
Just my 2c - others may advise differently.
At the end of the day, it's your server / data / money / legal liability (the
relative significance of each of the above depending on what the server is
used for and by whom); you need to assess the risk.
Regards,
Antony.
--
If you can't find an Open Source solution for it, then it isn't a real
problem.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: Colocated server
2004-06-26 14:29 Colocated server Kevin de Kok
2004-06-26 15:01 ` Antony Stone
@ 2004-06-27 6:52 ` Marek Dohojda
1 sibling, 0 replies; 3+ messages in thread
From: Marek Dohojda @ 2004-06-27 6:52 UTC (permalink / raw)
To: spam; +Cc: netfilter
ONE Giant YES!
Unless your co-location provides firewall, and even then.
Kevin de Kok wrote:
> Hi all,
>
> I have a server colocated at a isp. Do need to install some kind of
> firewall? The isn't in a network but just connected to the internet.
> With the services on it what are needed.
>
> greetings,
>
> Kevin de Kok.
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-06-27 6:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-06-26 14:29 Colocated server Kevin de Kok
2004-06-26 15:01 ` Antony Stone
2004-06-27 6:52 ` Marek Dohojda
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox