At 5/13/2002 10:00 PM -0700, you wrote: > My company provides Web site hosting services for about 2 dozen > (Web site development) clients. I've just purchased my 3rd (1U) server > for my colo space. All services (HTTP, SMTP, POP, FTP, etc.) have > previously been allocated to just the one server. The second server was > for backup or (occasionally) Anonymous FTP for large files. > I'm trying to determine the best arrangement of services for each > box. Here's my fantasy as to separation of services for highest security: > > Box #1 -- Web (HTTP) and Primary DNS > Box #2 -- Mail (POP3) and Secondary DNS > Box #3 -- Backup (or occasional Anonymous FTP) > > Any thoughts about this arrangement or suggestions for a better mix?
Seems to me like you have more servers than you need, really. But since they're already in place: Box #1 -- HTTP Box #2 -- SMTP (MX), POP3, IMAP Box #3 -- DNS-1, FTP Box #3 is more likely to be hacked, since DNS and FTP have had more security holes in recent history. Now, find someone on an entirely different network and backbone to do DNS-2 and SMTP-2 (MX-2) for you. If you do DNS-2, then you're OK when a server fails but not when your colo connections go down or when your backbone provider has a problem. I'm in Guatemala, my server is in USA on Sprint and Verio, and my NS2 and MX2 are in the Netherlands on UUnet. -- Rodolfo J. Paiz [EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
