<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Firewall Wizards: Re: question on securing out-of-band management (ver. 2)

Re: question on securing out-of-band management (ver. 2)

From: Dave Piscitello <dave_at_corecom.com>
Date: Thu, 09 Feb 2006 13:06:23 -0500

golovast wrote:
>> If the appliance is essentially an SSL proxy, the problem is that the traffic
>> between the appliance and the servers is not encrypted.

I must have been half-asleep when I first read this.

Some SSL proxy implementations (VPN appliances) allow you to chain SSL
traffic:

- user negotiates and uses SSL to the proxy
- proxy negotiates and uses SSL to servers

VOIP also uses this technique to protect SIP from UA to proxy servers
and from proxy to proxy across SIP domains.

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

text/x-vcard attachment: dave_vcf

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Feb 15 2006

This message: [ Message body ]
Next message: Paul Melson: "RE: parsing logs ultra-fast inline"
Previous message: Joe Keegan: "RE: PIX to PIX IPSEC VPN IKE Phase 2 problem"
In reply to: Marcus J. Ranum: "RE: question on securing out-of-band management (ver. 2)"
Next in thread: Desai, Ashish: "RE: question on securing out-of-band management (ver. 2)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos