> > >It would seem that having a local university private subnet would be a >good solution.. and also this would cut down on people running un- >authorized servers... > On the University Of Twente (The Netherlands) we are allowed to run our own servers, and are even encouraged to do so, as there is a lot to learn from toying around with the different beasts out there.
>On the router side or NAT you could do port translation and make things >further "burried"... > >In our environments to eliminate this sort of problem, we issue a dual >IP... the private ip range say 192.168.1.xxx or one of the other 3 >permissible private ranges goes along to the user along with their >public IP... > >Any App server needing to talk to the database must do so on the local >IP segment otherwise it won't work... > This will work until you have two sql-servers on two locations that need to be synchronized. (VPN comes to mind, but not everyone has the money or the knowlege to set up such services) >I understand that the approach has complexity issues when dealing with >fluid usage like your own... The approach does solve a few problems >when perfected... It makes your databases and other key assets non- >accessible publically... requiring someone login securely to a public >box to access the private resource... > > If you can live with those restrictions, it is a good solution, but still, if one of these public boxes wasn't as secure as you thought, someone could still break open your complete network. Security is only as good as its weakest link. Jesse ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
