Firewall Wizards mailing list archives
RE: Mainframes on the Net?
From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Wed, 13 Nov 2002 10:39:15 -0600
<snip> Needless to say, I considered this to be a joke....putting the crown jewels on the net? Where's the multi-tiered architecture? Where's the "defense in depth?" Sure the S/390 has "never been hacked" (their words) but who has ever put it in a position to be hacked? <snip> If I was going to place a huge system in the fore tier of a DMZ, I would strongly recommend a full compartmentalized O/S. I am not too sure what IBM has, but HP has their vault/ B2 spec systems. I've seen a lot of this type of movement, which is quite understandable really. The move away from many servers to a more robust distributed system with the mainframe the power horse. Often the mainframe disappears with a couple of servers, and I am not talking simple 4 CPU boxes here. If the O/S can not be separated logically on the hardware and communication exists via IPC or file system you have a huge problem. You can treat the one box system as separate individual components but this gets expensive from a high availability perspective. I would strongly advocate running smaller boxes for apache, after all they don't necessarily need the power and then running secure feeds to the mainframe where the processing can be executed in a more stable manner. It's my guessing that your mainframe provides other functionality and business critical processes. Hence place this as many hops away from your Internet presence as possible! Unfortunately, the move for larger processing systems for web applications has increased with the available amount of customer information that is out there that can be used to customize their experience with interfacing with the companies. Your point, click and wait for your product isn't the model anymore. It's a more rich content, suggest items of interest, up sell cross sell give the consumer everything they think they need and the other items they will need but do not realize yet. Cheers r. Richard Scott INFORMATION SECURITY The views expressed in this email do not represent Best Buy or any of its subsidiaries _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Mainframes on the Net?, (continued)
- Re: Mainframes on the Net? Barney Wolff (Nov 13)
- segmentation of DMZs Shimon Silberschlag (Nov 14)
- Re: segmentation of DMZs Paul D. Robertson (Nov 14)
- Re: segmentation of DMZs Carson Gaspar (Nov 14)
- Re: segmentation of DMZs Mikael Olsson (Nov 16)
- Re: segmentation of DMZs Carson Gaspar (Nov 17)
- Re: segmentation of DMZs Miles Sabin (Nov 15)
- RE: segmentation of DMZs Ofir Arkin (Nov 18)
- Re: Mainframes on the Net? Lorens Kockum (Nov 14)
- RE: Mainframes on the Net? Paul D. Robertson (Nov 14)
- RE: Mainframes on the Net? Paul D. Robertson (Nov 15)
- RE: Mainframes on the Net? Gwendolynn ferch Elydyr (Nov 15)