Security Basics: Re: Transmitting Sensitive Information between Servers

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Transmitting Sensitive Information between Servers

From: Nathaniel Hall <lists () spider-security net>
Date: Mon, 08 Sep 2008 14:31:53 -0500

Basha, Arif wrote:

We have a policy to not pass user name/password, etc in clear between
servers within our DMZ.  Is this being too pedantic?

I would be interested to hear how others have this implemented?

Thanks.
Arif

I don't think that is unreasonable.  I have a pretty strict belief that
no sensitive information (PII or logon credentials) should be passed in
the clear, even if it is within a closed network.  I have always setup
SSL connections or, where SSL is not possible, a script that keeps an
SSH tunnel open.  I have been very successful with my SSH tunnel scripts
that restart the tunnel of it is ever closed or fails.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA

By Date By Thread

Current thread:

RE: DMZ Web Servers, (continued)