Home page logo
/

pen-test logo Penetration Testing mailing list archives

Question re: load balancers as a security device
From: dan.tesch () comcast net
Date: 22 Jan 2008 15:05:28 -0000

I'm new to a company that has a large number of sites parked on managed servers at a hosting facility - the servers, 
firewalls and load balancers are exclusive to our use but managed by the ISP.

In reviewing our site design I have seen that the VPN between our LAN and the hosting facility permits all IP traffic 
in both directions - effectively making these public facing servers part of our LAN in my opinion.

For obvious reasons I'm looking to change this.  Nobody is lobbying against the change but a senior developer that was 
involved in the original design points out that because of the load balancers in front of the servers, the world at 
large is not able to touch the machines and thus the potential for compromise is limited.

Could I get some comments from this community about how vulnerable or not this type of setup might be? I'm looking for 
specific info related to the load balancers not commentary about the corporate LAN in this situation - even if the 
combination of the firewalls and load balancers provide 99.9% protection I think it is a bad idea and would most likely 
not pass PCI scrutiny.

Thanks

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault