Firewall Wizards mailing list archives
Re: Load balancer in lieu of firewall...
From: "Chris Michael" <cm () 21stcentury net>
Date: Sat, 29 May 1999 07:12:33 -0500
At 09:51 AM 5/24/99 , John Nanas wrote:
Pardon the simple question, but I've been bombarded by marketing material and now have little sense left in me to make a rational decision. We've been investigating load balancers for a new website that we're going to launch. The site has to be reasonably secure, which is why we've allocated budget for a firewall as well as a load balancer. The makers of the BigIP, F5 Labs, assure us that the packet filtering features of their load balancer are sufficient, and that we don't need a firewall.
If you're running a web server farms you probably want to use router filtering to block traffic on all non-essential ports. After that, you could use whatever packet filtering is built into the load-balancing stuff. BUT--and this is the big one--you are allowing through http to your web servers. Nothing you do can prevent them from being exposed to http-driven attacks. You want to make those machines as secure as possible and you should consider running some kind of host-based intrusion detection on them. With web servers there's really very little you can do in front of them to protect them (not that you shouldn't try), the web server itself needs to be as locked down as a firewall. Chris -- <--listserv unconfuser { | Christopher Michael | Network Associates | Channel Security Specialist | Chris_Michael () nai com }
Current thread:
- Load balancer in lieu of firewall... John Nanas (May 28)
- Re: Load balancer in lieu of firewall... The Unicorn (May 30)
- RE: Load balancer in lieu of firewall... Scott Brown (May 30)
- RE: Load balancer in lieu of firewall... Thomas Crowe (May 30)
- <Possible follow-ups>
- Re: Load balancer in lieu of firewall... Chris Michael (May 30)
- Re: Load balancer in lieu of firewall... Holger Heimann (May 30)