Re: WAN optimization security

[kaneda <kaneda.san.sec () gmail com>]

You should also look at the security of the WAN optimisation device  
itself:

* How do you administer the device?
* Can you apply ACLs to the admin interface?
* Can it be isolated on a OOB network
* Are firmware updates uploaded via SSL or can it be intercepted?, etc.


On 28/10/2009, at 3:56 AM, Bretten, Andrew P wrote:

> WW, you should absolutely considor security when deploying these  
> solutions.
>
> Questions should come up such as does the device encrypt the data it  
> "caches" on the device ?
> How does it decrypt the data and where are the keys used for encrypt/ 
> decrypt stored ?
> What are is the performance impact of encryption ?
>
> Andy
>
> -----Original Message-----
> From: listbounce () securityfocus com  
> [mailto:listbounce () securityfocus com] On Behalf Of W W
> Sent: Tuesday, October 27, 2009 11:41 AM
> To: security-basics () securityfocus com
> Subject: WAN optimization security
>
> Our organization is looking at WAN optimization products (cisco and
> riverbed).  I'm not all that familiar with eithe products, but it
> seems they are file caching servers on steroids (maybe I'm over
> simplifying).  My biggest concern is what if any security
> considerations do I need to look at when deploying these devices?
>
> Thanks
> WW
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs  
> an SSL certificate.  We look at how SSL works, how it benefits your  
> company and how your customers can tell if a site is secure. You  
> will find out how to test, purchase, install and use a thawte  
> Digital Certificate on your Apache web server. Throughout, best  
> practices for set-up are highlighted to help you ensure efficient  
> ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
> This e-mail message, including any attachments, is for the sole use  
> of the intended recipient(s) and may contain information that is  
> confidential and protected by law from unauthorized disclosure. Any  
> unauthorized review, use, disclosure or distribution is prohibited.  
> If you are not the intended recipient, please contact the sender by  
> reply e-mail and destroy all copies of the original message.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs  
> an SSL certificate.  We look at how SSL works, how it benefits your  
> company and how your customers can tell if a site is secure. You  
> will find out how to test, purchase, install and use a thawte  
> Digital Certificate on your Apache web server. Throughout, best  
> practices for set-up are highlighted to help you ensure efficient  
> ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


--


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------