[Mailman-Developers] MailMan-Traffic

[Chuq Von Rospach]

On 4/25/02 3:11 AM, "Carson Gaspar" <carson@taltos.org> wrote:


> Speaking as someone who has just a few years of computer security
> experience, the above proposal accomplishes just about nothing,
> security-wise.

Speaking as someone who also does, who lives with someone who did it for a
living for a while, and went over this with some really sharp security
folks, you're not correct.

To start, you've forgotten the issue of multi-pronged attacks. The more
services a single box supports, the more chances you have that a cracker can
find a multi-service attack mode.

But by moving the data from the list machine in the border zone inside the
main firewall, it also makes that data less prone to attack from cracked
machines elsewhere in the DMZ. If the data is on the box, a cracker could
potentially get it by cracking into the DMZ anywhere and then cracking the
database. By moving it and configuring the firewalls properly, they'd have
to crack ONTO the list machine and then crack the data connection through
the firewall. 

So it does far from nothing. It significantly limits the ability to get at
that data, both by simplifying the services on the DMZ box, limiting attack
angles, and by requiring they crack ONTO that box to have possible access to
it, not just cracking ANY box on the DMZ (most of which I don't control).

Huge improvements in security, because it removes a lot of variables,
especially in areas where you don't have control

Chuq

-- 
Chuq Von Rospach, Architech
chuqui@plaidworks.com -- http://www.chuqui.com/

Very funny, Scotty. Now beam my clothes down here, will you?