Hi
From: Reckhard, Tobias [mailto:tobias.reckhard@secunet.com]
Is there some security feature, if we ran a firewall on the same server, which is running other services like HTTP, .. Personally, I'd suggest to get a firewall running on a specific server, and all other services on other systems.
I totally agree with your personal opinion.
The main problem with using a firewall to perform other services is that vulnerabilities in those services can have disastrous effects, typically much graver ones than if merely a server is compromised.
Another thing are users. For larger environments you will have a webteam, which requires several user-accounts on the webserver. You will have ftp enabled, because standard web-design tools like dreamweaver or frontpage allow you to update entire webpages via ftp. Or even worse - you'll have to enable the frontpage extensions - all those services add some new holes to your system. regards, Stefan