Firewall Wizards mailing list archives

RE: Mainframes on the Net?

From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Wed, 13 Nov 2002 10:39:15 -0600

<snip>
Needless to say, I considered this to be a joke....putting the crown 
jewels on the net? Where's the multi-tiered architecture? Where's the 
"defense in depth?" Sure the S/390 has "never been hacked" (their 
words) but who has ever put it in a position to be hacked?
<snip>

If I was going to place a huge system in the fore tier of a DMZ, I would
strongly recommend a full compartmentalized O/S.  I am not too sure what IBM
has, but HP has their vault/ B2 spec systems.  

I've seen a lot of this type of movement, which is quite understandable
really.  The move away from many servers to a more robust distributed system
with the mainframe the power horse.  Often the mainframe disappears with a
couple of servers, and I am not talking simple 4 CPU boxes here.

If the O/S can not be separated logically on the hardware and communication
exists via IPC or file system you have a huge problem.  You can treat the
one box system as separate individual components but this gets expensive
from a high availability perspective.  I would strongly advocate running
smaller boxes for apache, after all they don't necessarily need the power
and then running secure feeds to the mainframe where the processing can be
executed in a more stable manner.  It's my guessing that your mainframe
provides other functionality and business critical processes.  Hence place
this as many hops away from your Internet presence as possible!

Unfortunately, the move for larger processing systems for web applications
has increased with the available amount of customer information that is out
there that can be used to customize their experience with interfacing with
the companies.  Your point, click and wait for your product isn't the model
anymore.  It's a more rich content, suggest items of interest, up sell cross
sell give the consumer everything they think they need and the other items
they will need but do not realize yet.

Cheers
r.


Richard Scott
INFORMATION SECURITY

The views expressed in this email do not represent Best Buy
or any of its subsidiaries





_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Mainframes on the Net?, (continued)
- - Re: Mainframes on the Net? Barney Wolff (Nov 13)
  - segmentation of DMZs Shimon Silberschlag (Nov 14)
    - Re: segmentation of DMZs Paul D. Robertson (Nov 14)
    - Re: segmentation of DMZs Carson Gaspar (Nov 14)
    - Re: segmentation of DMZs Mikael Olsson (Nov 16)
    - Re: segmentation of DMZs Carson Gaspar (Nov 17)
    - Re: segmentation of DMZs Miles Sabin (Nov 15)
    - RE: segmentation of DMZs Ofir Arkin (Nov 18)
  - Re: Mainframes on the Net? Lorens Kockum (Nov 14)
- Re: Mainframes on the Net? R. DuFresne (Nov 13)
- RE: Mainframes on the Net? Scott, Richard (Nov 13)
- RE: Mainframes on the Net? Noonan, Wesley (Nov 13)
- RE: Mainframes on the Net? Desai, Ashish (Nov 14)
  - RE: Mainframes on the Net? Paul D. Robertson (Nov 14)
- RE: Mainframes on the Net? ark (Nov 15)
  - RE: Mainframes on the Net? Paul D. Robertson (Nov 15)
  - RE: Mainframes on the Net? Gwendolynn ferch Elydyr (Nov 15)