> > That leaves the question of whether the web server is behind the same
> > firewall that your LAN is. Here you have to balance security with
> > convenience:
> >
> > 1. How difficult is it for the folks that maintain the web server to get
> > OUT the
> > firewall to maintain the machine? If they are very unsophisticated,
> > they may
> > not be able to handle anything more difficult than dragging
> > and dropping
> > from
> > their desktop to the web server's file system, which means
> > you might be
> > facing
> > a *lot* of work to put a firewall between them and the web server.
>
>
> Do you really want an unsophisticated web master?
Sometimes, while having all the choice in the world with soft/hard wares
for a security solution, one has no choice in the meatwares who have to
run the stuff.
On one job I ended up physically putting the webserver on the desk of the
GUI-click-happy web admin, but its network location was beyond the
firewall in a DMZ. He couldn't be bothered to learn how to sftp through
the bastion host. Sneaker-net is often the most secure given *all* the
paramaters of a given network.
best of luck.
spiff
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
