golovast wrote:
>If the appliance is essentially an SSL proxy, the problem is that the traffic
>between the appliance and the servers is not encrypted.
That's pretty much par for the course; most networks built with
front-end SSL processors have a relatively short wire between
the front-end processor and back-end server. So it's generally
considered OK for that data to be in the clear since it's
usually going through a switch in the same rack locked in
the same data center.
>I wanted to ask if the people who read this list would consider using an
>appliance a secure configuration?
"appliance" is a marketing term. Obviously, you'd want to
learn what you could about whether the front-end SSL
processor was capable of protecting itself.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 07 2006
Intro
