|
Firewall Wizards
mailing list archives
RE: question on securing out-of-band management (ver. 2)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 07 Feb 2006 14:45:28 -0500
golovast wrote:
If the appliance is essentially an SSL proxy, the problem is that the traffic
between the appliance and the servers is not encrypted.
That's pretty much par for the course; most networks built with
front-end SSL processors have a relatively short wire between
the front-end processor and back-end server. So it's generally
considered OK for that data to be in the clear since it's
usually going through a switch in the same rack locked in
the same data center.
I wanted to ask if the people who read this list would consider using an
appliance a secure configuration?
"appliance" is a marketing term. Obviously, you'd want to
learn what you could about whether the front-end SSL
processor was capable of protecting itself.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- RE: question on securing out-of-band management, (continued)
RE: question on securing out-of-band management (ver. 2) golovast (Feb 07)
| 
Intro
