Firewall Wizards: RE: External Load Balancing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

RE: External Load Balancing

From: Mark.Boltz () stonesoft com
Date: Tue, 11 Jan 2005 10:01:38 -0500

One advantage of the Radware products is that they are true
appliances, and you can tightly lock down remote management protocols.


On BigIP units, the web-interface, SSH, and the serial console can 
all be disabled. Perhaps you should do your homework first :-)


So you *can* tightly lock down Radware and apparently BigIP gear as well. 
But the real question is, why are these enabled by default then, as you 
imply?

Default insecure, but can be made secure is bad. Default secure, but you 
can make it less so if you really, really want to, is better. Only 
providing reasonably secure options like SSH but not plain HTTP is a bit 
better, especially when they are not on by DEFAULT. Arg. When will vendors 
stop this nonsense? When the customers finally stop accepting it and 
DEMANDING better products!

Mark Boltz
Sr. Security Consultant
Stonesoft Inc.

By Date By Thread

Current thread:

Re: External Load Balancing, (continued)
- Re: External Load Balancing Richard St John (Jan 06)
  - Re: External Load Balancing hutuworm (Jan 11)
- RE: External Load Balancing Warren Verbanec (Jan 07)
  - Re: External Load Balancing John Hall (Jan 09)
- RE: External Load Balancing Joshua Thomas (Jan 11)
  - RE: External Load Balancing Mark . Boltz (Jan 11)
    - Re: External Load Balancing Ng Pheng Siong (Jan 14)
- Re: External Load Balancing Roger Marquis (Jan 11)
  - Re: Re: External Load Balancing Antonio Varni (Jan 11)
  - Re: Re: External Load Balancing John Hall (Jan 11)