Firewall Wizards mailing list archives
Re: Load balancer in lieu of firewall...
From: The Unicorn <unicorn () blackhats org>
Date: Sun, 30 May 1999 13:12:37 +0200
Hi John, On Mon, May 24, 1999 at 10:51:34AM -0400, John Nanas wrote:
Greets to all- Pardon the simple question, but I've been bombarded by marketing material and now have little sense left in me to make a rational decision. We've been investigating load balancers for a new website that we're going to launch. The site has to be reasonably secure, which is why we've allocated budget for a firewall as well as a load balancer. The makers of the BigIP, F5 Labs, assure us that the packet filtering features of their load balancer are sufficient, and that we don't need a firewall. I need to make a case of this, in simple terms, to my superiors. Granted that the device does packet filtering, it offers a good deal of security. It does not have a telnet interface, and all configuration takes place using SSL. Does anyone have a suggestion as to why this wouldn't work?
Depends on the security of your webserver (and other servers you want to provide to the outside world). Packet filters just determine if a packet may enter or not. After entering I (oops, I mean the "evil hacker" of course ;-) talk directly to your server. If there is a vulnerability in that complex piece of software no packet filter is going to secure you, but a application proxy firewall might...
Thanks, John Nanas
---end quoted text--- Ciao, Unicorn. -- ======= _ __,;;;/ TimeWaster ================================================ ,;( )_, )~\| A Truly Wise Man Never Plays PGP: 64 07 5D 4C 3F 81 22 73 ;; // `--; Leapfrog With A Unicorn... 52 9D 87 08 51 AA 35 F0 ==='= ;\ = | ==== Youth is Not a Time in Life, It is a State of Mind! =======
Current thread:
- Load balancer in lieu of firewall... John Nanas (May 28)
- Re: Load balancer in lieu of firewall... The Unicorn (May 30)
- RE: Load balancer in lieu of firewall... Scott Brown (May 30)
- RE: Load balancer in lieu of firewall... Thomas Crowe (May 30)
- <Possible follow-ups>
- Re: Load balancer in lieu of firewall... Chris Michael (May 30)
- Re: Load balancer in lieu of firewall... Holger Heimann (May 30)