Re: External facing web servers on the inside network.

[Goesta Smekal <goesta () smekal at>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

roberticoles () gmail com wrote:
[...]
> wouldn't you still want the web server
> to reside in a dmz?  I mean what if the exploit was against apache or
> iis and the WAF didn't detect/remediate.  or what if the web server
> admin knowingly or unknowingly configured the web server to allow
> remote admin access, amongst other things.

Yes, I do fully agree with you. The point of having a DMZ is to separate
the exposed servers from the inside network. Reverse proxies do help
against some, but definitely not all kinds of threats.

"Ease of administration" is not a good security concept ;-)

Just my 2c.

  Goesta

- --
#!/usr/bin/perl
foreach $c (split(/ /,"47 6f 65 73 74 61 20 53 6d 65 6b 61 6c 0d 0a")) {
print pack("C", hex($c));}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAky1+VgACgkQLAKF+YJZq5Mf9QCaAtisToWqcKnJR6MFQ7DYrlIK
txEAoIXSuric3lkct1caVjYl+KMlPvXQ
=3ly8
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature