Re: One for the Security Guru's

From: Danny Lepage (danny.lepage.bur@enter-net.com)
Date: Thu Oct 24 2002 - 17:02:10 EST


Gee, isn't this a kind of "man in the middle" security breach?!?! Most
of the people on the net, including me, expect that nobody, and I mean
nobody, is sitting between my browser and the web server seeing
unencrypted packets when we use SSL.

And now you're telling me that the SSL Accelerator Box and the IDS are
seeing in clear text the traffic I thought only the web server was
seeing?!?! And presumably, the IDS is logging somewhere all the credit
card info that I might be sending...

Mind you, I guess nothing prevented somebody from doing something wicked
behind the web server, but now you're telling me that there are
devices, on the open market, specially designed to do this!

So now you have to worry about "internal" security on 3 boxes instead
of one.

Customer information security is now traded off for more server security.

How sad :(

Danny

On Thu, 2002-10-24 at 12:39, Henning P. Schmiedehausen wrote:
> Nah. Do it right:
>
> Internet ----- Firewall ---- SSL Accelerator Box --+---- Webserver
>            HTTPS          HTTPS                    |   HTTP
>                                                    |
>                                                   IDS
>
> Check out the boxes from SonicWall, they're quite nice. Expensive,
> though. If your E-Commerce site can't afford them, well, then they
> shouldn't be able to afford a security consultant in the first
> place. :-)
>
> Regards
> Henning
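Henning's diagram puts the IDS on the HTTP leg, which is exactly where the decrypted request Danny is worried about becomes visible. The following Python script is an added example, not code from either poster: it shows what a sensor on that plaintext segment sees (a constructed checkout request; the hostname, form fields and card number are assumptions, the card number is a well-known test value) and the control Danny's worry calls for. The sensor detects Luhn-valid card numbers so it can raise an alert, but masks them before anything is written to its log, and a 16-digit order number that fails the Luhn check is left alone so the log stays useful.

```python
"""Inspect the plaintext HTTP leg behind an SSL accelerator the way an IDS
sensor would, but redact card numbers (PANs) before logging.
Added example: the request below is constructed, not captured anywhere."""
import re
from typing import List, Tuple

# Constructed request as it would appear on the decrypted HTTP segment
# between the accelerator and the web server.  Host and fields are assumed.
SAMPLE_REQUEST = (
    "POST /checkout HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "order=1234567890123456&card=4111-1111-1111-1111&exp=1204&cvv=123&name=Danny"
)

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, not glued to other digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SEPARATORS = re.compile(r"[ -]")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _as_pan(fragment: str) -> str:
    """Return the bare digits if the fragment is a Luhn-valid PAN, else ''."""
    digits = SEPARATORS.sub("", fragment)
    if 13 <= len(digits) <= 19 and luhn_ok(digits):
        return digits
    return ""


def find_pans(text: str) -> List[str]:
    """All Luhn-valid card numbers in the text, separators stripped."""
    return [pan for pan in (_as_pan(m.group(0)) for m in PAN_CANDIDATE.finditer(text)) if pan]


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits (the usual truncation), mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid PAN in the text with its masked form."""
    def repl(m: "re.Match[str]") -> str:
        pan = _as_pan(m.group(0))
        return mask_pan(pan) if pan else m.group(0)
    return PAN_CANDIDATE.sub(repl, text)


def inspect_plaintext_request(raw: str) -> Tuple[bool, str]:
    """Look at one decrypted HTTP request as the IDS would.

    Returns (alert, log_line): alert is True when cardholder data crossed the
    wire in the clear; log_line is the only thing that may be written to disk,
    so the PAN is masked in it.  The CVV should never be logged at all; this
    example only shows PAN handling.
    """
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    alert = bool(find_pans(body))
    log_line = f"{request_line} body={redact_pans(body)}"
    return alert, log_line


if __name__ == "__main__":
    alert, line = inspect_plaintext_request(SAMPLE_REQUEST)
    print("alert:", alert)
    print("log  :", line)
```

The point of the Luhn filter is the false-positive rate: on a checkout form almost every long digit run that is not a PAN (order numbers, timestamps, tracking IDs) fails the check, so the sensor can still log the rest of the request for investigation while the card number itself never reaches the log file.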

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:25 EST