Home page logo
/

basics logo Security Basics mailing list archives

Re: External facing web servers on the inside network.
From: Goesta Smekal <goesta () smekal at>
Date: Wed, 13 Oct 2010 20:24:27 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

roberticoles () gmail com wrote:
[...]
wouldn't you still want the web server
to reside in a dmz?  I mean what if the exploit was against apache or
iis and the WAF didn't detect/remediate.  or what if the web server
admin knowingly or unknowingly configured the web server to allow
remote admin access, amongst other things.

Yes, I do fully agree with you. The point of having a DMZ is to separate
the exposed servers from the inside network. Reverse proxies do help
against some, but definitely not all kinds of threats.

"Ease of administration" is not a good security concept ;-)

Just my 2c.

  Goesta

- --
#!/usr/bin/perl
foreach $c (split(/ /,"47 6f 65 73 74 61 20 53 6d 65 6b 61 6c 0d 0a")) {
print pack("C", hex($c));}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAky1+VgACgkQLAKF+YJZq5Mf9QCaAtisToWqcKnJR6MFQ7DYrlIK
txEAoIXSuric3lkct1caVjYl+KMlPvXQ
=3ly8
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault