Firewall Wizards mailing list archives
RE: question on securing out-of-band management (ver. 2)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 07 Feb 2006 14:45:28 -0500
golovast wrote:
If the appliance is essentially an SSL proxy, the problem is that the traffic between the appliance and the servers is not encrypted.
That's pretty much par for the course; most networks built with front-end SSL processors have a relatively short wire between the front-end processor and back-end server. So it's generally considered OK for that data to be in the clear since it's usually going through a switch in the same rack locked in the same data center.
I wanted to ask if the people who read this list would consider using an appliance a secure configuration?
"appliance" is a marketing term. Obviously, you'd want to learn what you could about whether the front-end SSL processor was capable of protecting itself. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- question on securing out-of-band management golovast (Feb 03)
- RE: question on securing out-of-band management Paul Melson (Feb 07)
- Re: question on securing out-of-band management Marcus J. Ranum (Feb 07)
- Re: question on securing out-of-band management Kevin (Feb 07)
- <Possible follow-ups>
- RE: question on securing out-of-band management Brian Ford (brford) (Feb 07)
- RE: question on securing out-of-band management golovast (Feb 07)
- Re: question on securing out-of-band management Kevin (Feb 07)
- Re: question on securing out-of-band management golovast (Feb 07)
- Re: question on securing out-of-band management R. DuFresne (Feb 09)
- RE: question on securing out-of-band management golovast (Feb 07)
- RE: question on securing out-of-band management (ver. 2) golovast (Feb 07)
- RE: question on securing out-of-band management (ver. 2) Marcus J. Ranum (Feb 07)
- Re: question on securing out-of-band management (ver. 2) Dave Piscitello (Feb 08)
- RE: question on securing out-of-band management (ver. 2) golovast (Feb 08)
- Re: question on securing out-of-band management (ver. 2) Dave Piscitello (Feb 15)