Yes, the poster did ask where (In front or behind the firewall?) the best
place for the webserver and I replied "preferably in the DMZ". And yes,
it's true that a website's content will change over time. When it occurs
then the implementation of security changes with it.
Yes, I remember Gopher. I didn't like it that much...
Best Regards, Donald Kelloway
http://www.commodon.com
-----Original Message-----
From: Paul D. Robertson <[EMAIL PROTECTED]>
To: Don Kelloway <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; Peter da Silva
<[EMAIL PROTECTED]>
Date: Sunday, June 20, 1999 10:02 PM
Subject: Re: Why not NT?
>On Sun, 20 Jun 1999, Don Kelloway wrote:
>
>> Sure, I appreciate the opportunity.
>>
>> I was basically referring to a webserver on the DMZ, where it's only
purpose
>
>Ok, this is the major point of disconnect - the orignal poster asked
>about putting the server inside the firewall.
>
>> is to serve simple webpages. No active content, no scripts, no forms, no
>> databases, nothing else. If the server itself has had the appropriate
mods
>> performed in relation to the webservice used, as well as to the server
>> itself, and the only command allowed to it, is the GET command. It
should
>> be secure from unauthorized access from the external side. And if the
server
>> were to become compromised, there'd only be content of the pages. Nothing
>> more...
>
>There is still risk in servers with static content, but as has been
>pointed out, the biggest issue is that the Web site will probably
>change. Static sites are much, much easier to audit though.
>
>> All in all, it's a pretty simplistic setup, but that's what I was
referring
>> to. A simple setup where security can be controlled. Of course once you
>> start adding active content, scripts, etc. you have a myriad of
>> security-related issues to contend with.
>
>Yep, my experience is that those changes will happen rather quickly and
>rather arbitrarily after meetings that the mean security guy didn't get
>invited to and doesn't have time to attend anyway. YMMV obviously, I
>just think it's important to paint the bigger picture in this case. In
>an ideal world, Web sites would be fairly static and managable. Useless
>enough to discourage visitors helps with security too!
>
>Personally, I liked gopher. ;)
>
>Paul
>---------------------------------------------------------------------------
--
>Paul D. Robertson "My statements in this message are personal opinions
>[EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
PSB#9280
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
