Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

RE: question on securing out-of-band management (ver. 2)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 07 Feb 2006 14:45:28 -0500

golovast wrote:
If the appliance is essentially an SSL proxy, the problem is that the traffic 
between the appliance and the servers is not encrypted.

That's pretty much par for the course; most networks built with
front-end SSL processors have a relatively short wire between
the front-end processor and back-end server. So it's generally
considered OK for that data to be in the clear since it's
usually going through a switch in the same rack locked in
the same data center.

I wanted to ask if the people who read this list would consider using an 
appliance a secure configuration?

"appliance" is a marketing term. Obviously, you'd want to
learn what you could about whether the front-end SSL
processor was capable of protecting itself.


firewall-wizards mailing list
firewall-wizards () honor icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]