[Mailman-Developers] MailMan-Traffic
Tanner Lovelace
lovelace@wayfarer.org
25 Apr 2002 13:23:16 -0400
On Thu, 2002-04-25 at 10:33, Chuq Von Rospach wrote:
> On 4/25/02 3:11 AM, "Carson Gaspar" <carson@taltos.org> wrote:
> But by moving the data from the list machine in the border zone inside the
> main firewall, it also makes that data less prone to attack from cracked
> machines elsewhere in the DMZ. If the data is on the box, a cracker could
> potentially get it by cracking into the DMZ anywhere and then cracking the
> database. By moving it and configuring the firewalls properly, they'd have
> to crack ONTO the list machine and then crack the data connection through
> the firewall.
Don't forget, however, that since the list machine must get
at the data somehow, you now have one more opening through
your main firewall that must be secured/monitored/etc...
So, basically, it's a trade off.
Tanner
--
Tanner Lovelace | lovelace@wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
He who receives an idea from me, receives instruction himself
without lessening mine; as he who lights his taper at mine,
receives light without darkening me. -- Thomas Jefferson