Jesse,

Pretty cool university there.... Promoting experimentation :) Ideally the big pipes there aren't clogged with po*n and wa*ez like here...

With the issue of two servers that need synched and are not local, there is that concept of a WAN to review.... private still but accessible in a secure manner... VPN indeed is costly and complex to maintain...

Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]

-----Original Message-----
From: Jesse Houwing <[EMAIL PROTECTED]>
Date: Mon, 27 Jan 2003 00:52:36 +0100
Subject: Re: SQL Worm

> >It would seem that having a local university private subnet would be a
> >good solution.. and also this would cut down on people running
> >unauthorized servers...
>
> On the University Of Twente (The Netherlands) we are allowed to run our
> own servers, and are even encouraged to do so, as there is a lot to
> learn from toying around with the different beasts out there.
>
> >On the router side or NAT you could do port translation and make things
> >further "buried"...
> >
> >In our environments to eliminate this sort of problem, we issue a dual
> >IP... the private ip range say 192.168.1.xxx or one of the other 3
> >permissible private ranges goes along to the user along with their
> >public IP...
> >
> >Any App server needing to talk to the database must do so on the local
> >IP segment otherwise it won't work...
>
> This will work until you have two sql-servers on two locations that need
> to be synchronized. (VPN comes to mind, but not everyone has the money
> or the knowledge to set up such services)
>
> >I understand that the approach has complexity issues when dealing with
> >fluid usage like your own... The approach does solve a few problems
> >when perfected... It makes your databases and other key assets
> >non-accessible publicly... requiring someone login securely to a public
> >box to access the private resource...
>
> If you can live with those restrictions, it is a good solution, but
> still, if one of these public boxes wasn't as secure as you thought,
> someone could still break open your complete network. Security is only
> as good as its weakest link.
>
> Jesse

