|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Reverse Proxy Server?
From: Don Felgar (dfelgar
rainier-infosys.com)
Date: Tue May 27 2003 - 18:25:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, May 27, 2003, Bob Lee wrote:
...
> Trusting IP addresses is not a very safe or scalable practice. You have
> NAT, dynamic IPs, ARP poisoning, etc.
>
> Bob
Not true. Granting a small set of IP's access to your server nearly
nullifies the possibility of a portscanner discovering a vulnerability
in your server. It is much safer than not doing so. That is not to
say that you should forego passwords and encryption, if that's what
you meant.
It may or may not be scalable, depending on your situation. NAT may
not be a problem if you are granting access to an entire organization.
Dynamic IP's are usually within a narrow range, so easily handled.
Also ARP poisoning is an extra hurdle that the determined cracker has
to get around.
You should limit IP access to all services where it's practical.
--Don
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]