On 25 Apr 2002 13:23:16 -0400 Tanner Lovelace <[EMAIL PROTECTED]> wrote:
> On Thu, 2002-04-25 at 10:33, Chuq Von Rospach wrote:
>> On 4/25/02 3:11 AM, "Carson Gaspar" <[EMAIL PROTECTED]> wrote:

>> But by moving the data from the list machine in the border zone
>> inside the main firewall, it also makes that data less prone to
>> attack from cracked machines elsewhere in the DMZ. If the data is on
>> the box, a cracker could potentially get it by cracking into the DMZ
>> anywhere and then cracking the database. By moving it and configuring
>> the firewalls properly, they'd have to crack ONTO the list machine
>> and then crack the data connection through the firewall.

> Don't forget, however, that since the list machine must get at the
> data somehow, you now have one more opening through your main firewall
> that must be secured/monitored/etc... So, basically, it's a trade
> off.

Not necessarily. Just put in an additional DMZ layer so that you have a
different network segment used for data servers than for public servers.

(I'm running exactly this setup with my home network: public net, public
DMZ net, private DMZ net, in-house net (desktops etc), 802.11b net --
each a physically distinct network segment).

--
J C Lawrence
---------(*)                Satan, oscillate my metallic sonatas.
[EMAIL PROTECTED]           He lived as a devil, eh?
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
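The three layouts argued over in this thread can be compared with a small reachability model. This is an added example, not part of the original messages; the host names (web, list, db, desktop), the segment names and the single list-to-database firewall rule are assumptions made for illustration, and any reachable host is treated as one that can be cracked next.

```python
from collections import deque

# Constructed model: host and segment names are assumptions for this example.
# Hosts on one segment reach each other unfiltered; crossing segments needs a
# firewall rule, listed as (source, destination).
def layout(db_segment, pinhole):
    segment = {"web": "public_dmz", "list": "public_dmz",
               "db": db_segment, "desktop": "inhouse"}
    rules = {("internet", "web"), ("internet", "list")}
    if pinhole:
        rules.add(("list", "db"))  # the one opening for the list machine's data
    return segment, rules

LAYOUTS = {
    "data_on_public_dmz": layout("public_dmz", pinhole=False),
    "data_on_inhouse_net": layout("inhouse", pinhole=True),
    "data_on_private_dmz": layout("private_dmz", pinhole=True),
}

def can_connect(lay, src, dst):
    segment, rules = lay
    same_segment = src in segment and segment[src] == segment[dst]
    return src != dst and (same_segment or (src, dst) in rules)

def steps_from(lay, foothold):
    """Breadth-first search: hosts reachable from a compromised foothold,
    with the number of successive connections needed to get there."""
    segment, _ = lay
    dist = {foothold: 0}
    queue = deque([foothold])
    while queue:
        cur = queue.popleft()
        for host in segment:
            if host not in dist and can_connect(lay, cur, host):
                dist[host] = dist[cur] + 1
                queue.append(host)
    return dist

if __name__ == "__main__":
    for name, lay in LAYOUTS.items():
        reach = steps_from(lay, "web")  # another DMZ machine is cracked first
        print(f"{name}: db at step {reach.get('db')}, "
              f"desktops exposed: {'desktop' in reach}")
```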
