Re: [seul-edu] Slowest Computers and security risks

[Ken Barber <pundit@teleport.com>]

> On Wednesday, October 30, 2002, at 11:12 AM, Dirk Schouten wrote:
> > Our primary school server is a P200 with 32 mb ram.
> > It runs apache, sendmail, router, firewall, MySQL, PHP. No
problems.

On Wednesday 30 October 2002 13:44, Jim Aird wrote:

> I was once lernt by a wise man with convincing logic that your
> combination of services may be a risky move. 

Wrong.

There is no "may be" about it; it IS a risky move.  NEVER put ANY
other services on a firewall.

All of the other services you mentioned (above) have a long history
of multiple vulnerabilities.  If any one of them gets cracked,
you've got a door open to your entire network.  'tis not a pretty
sight.

In fact, for any server to which the world is allowed access, I
strongly recommend that each service resides on its own separate
server.  Web, mail, DNS etc. -- each needs to have its own dedicated
server.  Same reason as above:  when (not if) one gets compromised,
that is ALL the 'hacker' has gotten, instead of unfettered access to
your entire Crown Jewels.

Third, never store a database on a Web server.  Host it on a machine
inside the firewall and give the Web server permission to query it.

And yes, I am a nationally recognized, certified security expert.
I'm available for work, if anyone is interested.

Ken Barber