Firewall Wizards mailing list archives
RE: question on securing out-of-band management (ver. 2)
From: "golovast" <golovast () yandex ru>
Date: Sun, 5 Feb 2006 12:41:28 +0300 (MSK)
I have a bit of a follow up question. Well, actually it's somewhat on a different subject, but still, I think this is the right place to ask it. I have a number of web servers. They process ssl transactions.They have PCI SSL accelerators in them. They are no longer supported and we have to make a replacement. Now, an appliances better for a variety of reasons. More servers can be on it,easier to manage, scalable, etc. If the appliance is essentially an SSL proxy, the problem is that the traffic between the appliance and the servers is not encrypted. If I still do SSL between the appliance and the server, that mostly defeats the purpose of having an appliance in the first place, since I will have to do SSL decryption on the servers anyway. I wanted to ask if the people who read this list would consider using an appliance a secure configuration? Technically, the traffic is not going over the public network, however, obviously it's unencrypted. Is the trade off for improvements with appliance worth it? If so, do any of you have experience with an appliance? I've looked at Radware, F5, ncipher..etc. Thanks again. P.S. I don't provide a name because I don't want to be identified with the company I am working for. Yeah, it's paranoid, but you know what they say: Just because you're paranoid, it doesn't mean they aren't after you...=]. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- question on securing out-of-band management golovast (Feb 03)
- RE: question on securing out-of-band management Paul Melson (Feb 07)
- Re: question on securing out-of-band management Marcus J. Ranum (Feb 07)
- Re: question on securing out-of-band management Kevin (Feb 07)
- <Possible follow-ups>
- RE: question on securing out-of-band management Brian Ford (brford) (Feb 07)
- RE: question on securing out-of-band management golovast (Feb 07)
- Re: question on securing out-of-band management Kevin (Feb 07)
- Re: question on securing out-of-band management golovast (Feb 07)
- Re: question on securing out-of-band management R. DuFresne (Feb 09)
- RE: question on securing out-of-band management golovast (Feb 07)
- RE: question on securing out-of-band management (ver. 2) golovast (Feb 07)
- RE: question on securing out-of-band management (ver. 2) Marcus J. Ranum (Feb 07)
- Re: question on securing out-of-band management (ver. 2) Dave Piscitello (Feb 08)
- RE: question on securing out-of-band management (ver. 2) golovast (Feb 08)
- Re: question on securing out-of-band management (ver. 2) Dave Piscitello (Feb 15)