Firewall Wizards mailing list archives

RE: question on securing out-of-band management (ver. 2)


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 07 Feb 2006 14:45:28 -0500

golovast wrote:
> If the appliance is essentially an SSL proxy, the problem is that the traffic
> between the appliance and the servers is not encrypted.

That's pretty much par for the course; most networks built with
front-end SSL processors have a relatively short wire between
the front-end processor and back-end server. So it's generally
considered OK for that data to be in the clear since it's
usually going through a switch in the same rack locked in
the same data center.

> I wanted to ask if the people who read this list would consider using an
> appliance a secure configuration?

"appliance" is a marketing term. Obviously, you'd want to
learn what you could about whether the front-end SSL
processor was capable of protecting itself.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

