Hmmmm...... None of our Intranet sites running SSL except for our VPN Concentrator which doesn't count as intranet. Our network is built with 2 Firewalls (Service and Internet) both with redundant backups (so 4 total) Our E-commerce sites sit in between the 2 firewalls and are totally Isolated from our intranet which is behind both firewalls.
Unfortunatly you do run the risk of having a hacker on staff that could sniff your traffic but SSL is not going to prevent them from getting the info if they really want it. As per Visa CISP SSL is only required for remote Users(VPN,Secure Remote) accessing intranet servers. Other requirements are all sensitive Card Holder data should be encrypted at 128-bit 3DES with a secure device doing Encrypt/Decrypt like an nCipher. Our HR stuff is also segmented. -- ~Eric ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255076 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
