I got chatting at a Christmas party with the owner of a web site
who has twice changed ISPs because his site got hacked. He's about
given up on ISPs to provide protection, and is looking to set up his
own server and protect it.
I keep seeing recommendations that HTTP servers should be in the
DMZ, but I'm not clear on WHY. Is this, perhaps, to protect the
machines on the internal net from a compromised HTTP server? In this
case, there wouldn't *be* any "rest" to protect.
My inclination is to suggest a proxy machine as firewall, supplied
with content from the "real" server behind it. But maybe there's a
flaw to this that I haven't quite grasped?
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
