RE: question on securing out-of-band management (ver. 2)
From: "golovast" <golovast () yandex ru>
Date: Sun, 5 Feb 2006 12:41:28 +0300 (MSK)
I have a bit of a follow-up question. Well, actually it's somewhat on a different subject,
but still, I think this is the right place to ask it.

I have a number of web servers. They process SSL transactions. They have
PCI SSL accelerators in them. They are no longer supported and we have
to make a replacement. Now, an appliance is better for a variety of reasons.
More servers can be on it, easier to manage, scalable, etc.

If the appliance is essentially an SSL proxy, the problem is that the traffic
between the appliance and the servers is not encrypted. If I still do SSL
between the appliance and the server, that mostly defeats the purpose of
having an appliance in the first place, since I will have to do SSL decryption
on the servers anyway.

I wanted to ask if the people who read this list would consider using an
appliance a secure configuration? Technically, the traffic is not going over the
public network, however, obviously it's unencrypted. Is the trade-off for
improvements with an appliance worth it?

If so, do any of you have experience with an appliance?
I've looked at Radware, F5, nCipher, etc.

P.S. I don't provide a name because I don't want to be identified
with the company I am working for. Yeah, it's paranoid, but you know what they say:
Just because you're paranoid, it doesn't mean they aren't after you...=].
firewall-wizards mailing list
firewall-wizards () honor icsalabs com