The solution is trivial.
Stick a trusted OS under his web server. Then he can even let people
telnet into his web server and they still won't be able to hack it.
paul
> From: [EMAIL PROTECTED] (David Gillett)
> Date: Tue, 22 Dec 1998 17:17:19 -0800
>
> I got chatting at a Christmas party with the owner of a web site
> who has twice changed ISPs because his site got hacked. He's about
> given up on ISPs to provide protection, and is looking to set up his
> own server and protect it.
> I keep seeing recommendations that HTTP servers should be in the
> DMZ, but I'm not clear on WHY. Is this, perhaps, to protect the
> machines on the internal net from a compromised HTTP server? In this
> case, there wouldn't *be* any "rest" to protect.
> My inclination is to suggest a proxy machine as firewall, supplied
> with content from the "real" server behind it. But maybe there's a
> flaw to this that I haven't quite grasped?
>
> David G
---------------------------------------------------------
Paul McNabb Argus Systems Group, Inc.
Vice President and CTO 1809 Woodfield Drive
[EMAIL PROTECTED] Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433 "Securing the Future"
---------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
