Hi,
My question is this: I have my PIX firewall. It's configured tightly, only allowing port 80 and port 25 to come in. I have implemented egress filtering on the inside interface as well as the DMZ interface. It's running IDS. Should I bother going crazy with iptables scripts on my server? The PIX is very smart and with access-lists I control everything. I have implemented many security procedures on my servers and I only run the processes that I need, but do I need the software firewall? If I start implementing the rules on my PIX to iptables on my server, isn't that doubling up? So if I were to double up I think that would be a waste. And that would mean that I don't trust my PIX.
Maybe some people can shed some light on this for me.
Thanks