Sure, I appreciate the opportunity.
I was basically referring to a webserver on the DMZ, where it's only purpose
is to serve simple webpages. No active content, no scripts, no forms, no
databases, nothing else. If the server itself has had the appropriate mods
performed in relation to the webservice used, as well as to the server
itself, and the only command allowed to it, is the GET command. It should
be secure from unauthorized access from the external side. And if the server
were to become compromised, there'd only be content of the pages. Nothing
more...
All in all, it's a pretty simplistic setup, but that's what I was referring
to. A simple setup where security can be controlled. Of course once you
start adding active content, scripts, etc. you have a myriad of
security-related issues to contend with.
Best Regards, Donald Kelloway
http://www.commodon.com
-----Original Message-----
From: Paul D. Robertson <[EMAIL PROTECTED]>
To: Don Kelloway <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; Peter da Silva
<[EMAIL PROTECTED]>
Date: Sunday, June 20, 1999 9:14 PM
Subject: Re: Why not NT?
>On Sun, 20 Jun 1999, Don Kelloway wrote:
>
>> Geesh!
>>
>> I never said put up a webserver with active content and perl scripts and
>> walk away. If this were the case, of course there'd be security-related
>> issues to be concerned with...
>
>All of which can be exploited via GET, the risk of the Web server on the
>internal network is large compared to the general risk of the Web server
>extant to the internal network. I'm not sure what logic your "there
>shouldn't be anything to worry about" is based on, perhaps you can
>explain your original rationale?
>
>Paul
>---------------------------------------------------------------------------
--
>Paul D. Robertson "My statements in this message are personal opinions
>[EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
PSB#9280
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
