* Paladin ([EMAIL PROTECTED]) [020624 16:00]: > On 24 Jun 2002 15:01:47 -0500 > Ron Johnson <[EMAIL PROTECTED]> wrote: > > > I've heard that NIS isn't very robust. Might LDAP be a better > > choice? Or is there an important integration between NIS & NFS? > > Funny... I think I've heard something about NFS being kind of > "old"... I may be wrong though! :/ > > NIS & LDAP... I'm on the good track now! Thanks everyone! =) > > BTW, what's more secure? Putting everything in the firewall PC or on
The general answer to this is that it's more secure to keep your firewall machine as minimal as possible. The less it has on it, the fewer possible holes there are. > any other one that's inside the firewall? Another thing (I haven't > got the time to read the documentation, I'm sorry...), can the root > account be centralized too? I don't know about this, but I'd urge that your firewall machine have nothing to do with it: it should have its own local root account and (probably) one local user account, and that's all. This is, of course, idealism, and assumes that you have servers (or at least a server) to spare. In my home network, I only have one always-on machine, so its duties are slightly more expanded than the paranoid firewall should be. Even with just one extra machine, it's easy to make one a stripped-down firewall-only box and the other your all-serving internal box (which can also run dmz-type services, such as web, mail, etc. via DNAT). good times, Vineet -- http://www.doorstop.net/ -- "I disapprove of what you say, but I will defend to the death your right to say it." --Beatrice Hall, The Friends of Voltaire, 1906
pgp9ZuI791HZv.pgp
Description: PGP signature
