Firewall Wizards mailing list archives
RE: question on securing out-of-band management (ver. 2)
From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Thu, 9 Feb 2006 11:33:17 -0500
One correction, doing SSL between the appliance and the backend server is less taxing than customer->server, because the appliance can reuse the SSL session for all requests and not create a new SSL session (which is where the overhead is).

Appliances offer other benefits that are a little hard to do with servers.

1. Eases management of SSL certs.
   Would you like to manage 500 SSL certs on one machine or 500 machines?

2. Load balancing.
   The appliance can load balance the traffic to multiple web servers. To do that at the server level would require DNS level load balancing, which has its own issues.

3. Transparent failover.
   If you want to fail over customer traffic from site A to site B, the device can do it more easily than DNS changes, in which case you are at the mercy of the client to obey DNS.

Appliance is not really about "improved" security, it's more about improving your system management process.

Ashish

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of golovast
Sent: Sunday, February 05, 2006 4:41 AM
To: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] question on securing out-of-band management (ver. 2)

trimmed....

I wanted to ask if the people who read this list would consider using an appliance a secure configuration? Technically, the traffic is not going over the public network, however, obviously it's unencrypted. Is the trade off for improvements with appliance worth it? If so, do any of you have experience with an appliance? I've looked at Radware, F5, ncipher..etc.

Thanks again.