We're (the whole community) still having a lot of problems related to web
sites being hacked. What should be the best solution to this threat?
Well, one thing we can't even think of is to push the web servers inside
the internal network (urgh!). With all those obscure cgi holes, it would
represent an extreme threat to your network.
As the whole solution is based on the programs written by humans, the
only way to get rid of those security holes is to implement a secure
coding culture and prevention. The DMZ position of the web servers is not
wrong at all. What's wrong in this situation is the human activity.
A security culture is the only way out.
Regards,
-condor
www.sekure.org
s e k u r e
pgp key available at: http://condor.sekure.org/condor.asc
On Tue, 22 Dec 1998, David Gillett wrote:
> I got chatting at a Christmas party with the owner of a web site
> who has twice changed ISPs because his site got hacked. He's about
> given up on ISPs to provide protection, and is looking to set up his
> own server and protect it.
> I keep seeing recommendations that HTTP servers should be in the
> DMZ, but I'm not clear on WHY. Is this, perhaps, to protect the
> machines on the internal net from a compromised HTTP server? In this
> case, there wouldn't *be* any "rest" to protect.
> My inclination is to suggest a proxy machine as firewall, supplied
> with content from the "real" server behind it. But maybe there's a
> flaw to this that I haven't quite grasped?
>
> David G
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>