A trusted OS costs much more than a regular OS. Trusted Solaris gives you B-2
level of OS security, but if you can't secure the content of your web site,
it does nothing for you.

Never let people telnet to your web server; use a secured ftp server so
users can update their contents but can't get into your server. Of course,
it won't prevent people from hacking web pages (usually done via a bad cgi-bin
script), but this will protect your web server.

_ming
 
On Wed, 23 Dec 1998, Paul McNabb stated:

> The solution is trivial.
> 
> Stick a trusted OS under his web server.  Then he can even let people
> telnet into his web server and they still won't be able to hack it.
> 
> paul
> 
> >  From: [EMAIL PROTECTED] (David Gillett)
> >  Date: Tue, 22 Dec 1998 17:17:19 -0800
> >  
> >    I got chatting at a Christmas party with the owner of a web site 
> >  who has twice changed ISPs because his site got hacked.  He's about 
> >  given up on ISPs to provide protection, and is looking to set up his 
> >  own server and protect it.
> >    I keep seeing recommendations that HTTP servers should be in the 
> >  DMZ, but I'm not clear on WHY.  Is this, perhaps, to protect the 
> >  machines on the internal net from a compromised HTTP server?  In this 
> >  case, there wouldn't *be* any "rest" to protect.
> >    My inclination is to suggest a proxy machine as firewall, supplied 
> >  with content from the "real" server behind it.  But maybe there's a 
> >  flaw to this that I haven't quite grasped?
> >  
> >  David G
> 
> ---------------------------------------------------------
> Paul McNabb                     Argus Systems Group, Inc.
> Vice President and CTO          1809 Woodfield Drive
> [EMAIL PROTECTED]        Savoy, IL 61874 USA
> TEL 217-355-6308
> FAX 217-355-1433                "Securing the Future"
> ---------------------------------------------------------
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

============================================================================
Ming Lu                                      Email: [EMAIL PROTECTED]
Sr. Network Engineer                                Phone: 703-689-5290 (w)
IP Engineering                                             703-855-4194 (m)
Global One Telecommunications, LLT.                        703-689-6575 (f)
============================================================================  
"Do not pay attention to every word people say, or you may hear your
 servant cursing you ---- for you know in your heart that many times you
 yourself have cursed others."
