Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: McCammon, Keith (Keith.McCammonEADVANCEMED.COM)
Date: Fri Apr 27 2001 - 13:49:33 CDT
This is actually a great idea. I've set this up for a client in the past
who wanted added measures in place in the event of a defacement. We set up
a staging server with firewalls on both sides, and set up a scheduled job to
run at set intervals. When the job ran, it would stop the w3svc, causing
the content verification on the load balancing server to fail (so public
requests would be re-routed). Then it would purge the web root and reload
from the staging server via an FTP script. W3svc would restart, and off it
The staging server would do the same thing at greater intervals from an
internal data store. Pretty solid!
From: Bragg Michael (npl1mcb) [mailto:npl1mcbUPS.COM]
Sent: Thursday, April 26, 2001 4:16 PM
Subject: Re: Installing hotfixes
ACK. However, one suggestion which I have heard tossed about is to have
your webserver in the DMZ/"barrier reef" update its data at some preset
interval (e.g., every hour or two hours) from a server inside the firewall.
Set the firewall for one-way (internal -> external) data transfer, and even
if some kidiot does deface the page, you're back to previous configuration
in a few hours anyway. Perhaps a bit inefficient in terms of data
duplication, but hey, a little redundancy is a good thing, right?
Any suggestions/comments/flames/death threats you good folks have are
welcome and encouraged...
United Parcel Service
Technology Support Group