Re: Reverse Proxy Server?

On Tue, May 27, 2003, Bob Lee wrote:

...

> Trusting IP addresses is not a very safe or scalable practice. You have

Not true. Granting a small set of IP's access to your server nearly nullifies the possibility of a portscanner discovering a vulnerability in your server. It is much safer than not doing so. That is not to say that you should forego passwords and encryption, if that's what you meant.

It may or may not be scalable, depending on your situation. NAT may not be a problem if you are granting access to an entire organization. Dynamic IP's are usually within a narrow range, so easily handled. Also ARP poisoning is an extra hurdle that the determined cracker has to get around.

You should limit IP access to all services where it's practical.

--Don Received on Wed May 28 08:36:53 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek