Re: One for the Security Guru's

Henning P. Schmiedehausen (hps@intermeta.de)
Thu, 24 Oct 2002 16:39:23 +0000 (UTC)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lee, Jung-Ik: "RE: PCI Hotplug Drivers for 2.5"
Previous message: Patrick Mochel: "Re: Switching from IOCTLs to a RAMFS"
Maybe in reply to: Robert L. Harris: "One for the Security Guru's"
Next in thread: J Sloan: "[OT] Re: One for the Security Guru's"

Gerhard Mack <gmack@innerfire.net> writes:

>It gets even worse if almost all of your services are encrypted(like you
>would find on an e-commerse site). https will blind an IDS. The last
>place I worked only had 3 ports open and 2 of them were encrypted.

Nah. Do it right:

Internet ----- Firewall ---- SSL Accelerator Box --+---- Webserver
HTTPS HTTPS | HTTP
|
IDS

Check out the boxes from SonicWall, they're quite nice. Expensive,
though. If your E-Commerce site can't afford them, well, then they
shouldn't be able to affore a security consulant in the first
place. :-)

Regards
Henning

-- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen -- Geschaeftsfuehrer INTERMETA - Gesellschaft fuer Mehrwertdienste mbH hps@intermeta.de

Am Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de D-91054 Buckenhof Fax.: 09131 / 50654-20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Lee, Jung-Ik: "RE: PCI Hotplug Drivers for 2.5"
Previous message: Patrick Mochel: "Re: Switching from IOCTLs to a RAMFS"
Maybe in reply to: Robert L. Harris: "One for the Security Guru's"
Next in thread: J Sloan: "[OT] Re: One for the Security Guru's"