RE: [fw-wiz] question on securing out-of-band management (ver. 2)



I have a bit of a follow-up question. Well, actually it's somewhat on a different subject,
but still, I think this is the right place to ask it.

I have a number of web servers. They process SSL transactions. They have
PCI SSL accelerators in them. They are no longer supported and we have
to make a replacement. Now, an appliance is better for a variety of reasons.
More servers can be on it, easier to manage, scalable, etc.
If the appliance is essentially an SSL proxy, the problem is that the traffic
between the appliance and the servers is not encrypted. If I still do SSL
between the appliance and the server, that mostly defeats the purpose of
having an appliance in the first place, since I will have to do SSL decryption
on the servers anyway.

I wanted to ask if the people who read this list would consider using an
appliance a secure configuration? Technically, the traffic is not going over the
public network; however, obviously it's unencrypted. Is the trade-off for
improvements with an appliance worth it?
If so, do any of you have experience with an appliance?
I've looked at Radware, F5, nCipher, etc.

Thanks again.


P.S. I don't provide a name because I don't want to be identified
with the company I am working for. Yeah, it's paranoid, but you know what they say:
Just because you're paranoid, it doesn't mean they aren't after you...=].
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


