Security Basics mailing list archives
Re: External facing web servers on the inside network.
From: Goesta Smekal <goesta () smekal at>
Date: Wed, 13 Oct 2010 20:24:27 +0200
roberticoles () gmail com wrote: [...]
> Wouldn't you still want the web server to reside in a DMZ? I mean, what if the exploit was against Apache or IIS and the WAF didn't detect/remediate? Or what if the web server admin knowingly or unknowingly configured the web server to allow remote admin access, amongst other things?
Yes, I do fully agree with you. The point of having a DMZ is to separate the exposed servers from the inside network. Reverse proxies do help against some, but definitely not all kinds of threats. "Ease of administration" is not a good security concept ;-)

Just my 2c.

Goesta

--
#!/usr/bin/perl
foreach $c (split(/ /,"47 6f 65 73 74 61 20 53 6d 65 6b 61 6c 0d 0a")) { print pack("C", hex($c));}