[3340] in WWW Security List Archive
Re: www web security !
daemon@ATHENA.MIT.EDU (Jari Pirhonen)
Wed Oct 23 06:43:09 1996
Date: Wed, 23 Oct 1996 11:50:09 +0200
From: Jari Pirhonen <japi@finland.hp.com>
To: Alex Filacchione <alexf@iss.net>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Alex Filacchione wrote:
>
> ->
> ->Why should you not put your web server BEHIND a firewall? It opens up
> your
> ->internal network (it provides a path through your firewall. All someone
> ->needs to do is compromise your webserver, not your firewall then)
>
> I would not put it behind the firewall if it was intended primarily for
> EXTERNAL use
Just to let you know about this interesting HP Product,
goto http://www.hp.com/go/security and check VirtualVault.
It's basically B1-level HPUX running Netscape Commerce Servers.
Idea is that B1-level operating system secures the web server
node so, that WHEN someone breaks to the system using some
web server related bug, he/she can't remove/modify anything
or get access to internal network.
VirtualVault is a "gateway" between Internet and internal network
and all SSL traffic is routed to it. We need a firewall also to
protect our internal network from non-SSL traffic.
Jari Pirhonen
HP Finland
-- japi@finland.hp.com
-- http://www.hpfin.fi/pso/koulutus/japi.html
-- 4B 06 EF C3 B3 A1 AE 5E B8 3D 3A A6 A1 EF A1 F7 (PGP)
"All work and no play makes Jack a dull boy"
