mailing list archives
RE: question on securing out-of-band management (ver. 2)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 07 Feb 2006 14:45:28 -0500
If the appliance is essentially an SSL proxy, the problem is that the traffic
between the appliance and the servers is not encrypted.
That's pretty much par for the course; most networks built with
front-end SSL processors have a relatively short wire between
the front-end processor and back-end server. So it's generally
considered OK for that data to be in the clear since it's
usually going through a switch in the same rack locked in
the same data center.
I wanted to ask if the people who read this list would consider using an
appliance a secure configuration?
"appliance" is a marketing term. Obviously, you'd want to
learn what you could about whether the front-end SSL
processor was capable of protecting itself.
firewall-wizards mailing list
firewall-wizards () honor icsalabs com