Firewall Wizards mailing list archives

RE: question on securing out-of-band management (ver. 2)


From: "golovast" <golovast () yandex ru>
Date: Sun, 5 Feb 2006 12:41:28 +0300 (MSK)

I have a bit of a follow-up question. Well, actually it's somewhat on a different subject,
but still, I think this is the right place to ask it.

I have a number of web servers. They process SSL transactions. They have
PCI SSL accelerators in them. They are no longer supported and we have
to make a replacement. Now, an appliance is better for a variety of reasons.
More servers can be on it, easier to manage, scalable, etc.
If the appliance is essentially an SSL proxy, the problem is that the traffic 
between the appliance and the servers is not encrypted. If I still do SSL 
between the appliance and the server, that mostly defeats the purpose of 
having an appliance in the first place, since I will have to do SSL decryption 
on the servers anyway.  

I wanted to ask if the people who read this list would consider using an 
appliance a secure configuration? Technically, the traffic is not going over the
public network, however, obviously it's unencrypted. Is the trade-off for
improvements with an appliance worth it?
If so, do any of you have experience with an appliance?
I've looked at Radware, F5, nCipher, etc.

Thanks again.


P.S. I don't provide a name because I don't want to be identified 
with the company I am working for. Yeah, it's paranoid, but you know what they say: 
Just because you're paranoid, it doesn't mean they aren't after you...=].