Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Question re: load balancers as a security device

from [Sanjay R] Network Security [Permanent Link]
Subject: Re: Question re: load balancers as a security device
Date: Wed, 23 Jan 2008 13:22:26 +0530 
Hi..
In short, PURE load balancers are NOT security devices. So, you are
correct. Lets see more below...

On 22 Jan 2008 15:05:28 -0000,  <dan.tesch@comcast.net> wrote:

I'm new to a company that has a large number of sites parked on managed 
servers at a hosting facility - the servers, firewalls and load balancers are 
exclusive to our use but managed by the ISP.


In reviewing our site design I have seen that the VPN between our LAN and the 
hosting facility permits all IP traffic in both directions - effectively 
making these public facing servers part of our LAN in my opinion.


For obvious reasons I'm looking to change this.  Nobody is lobbying against 
the change but a senior developer that was involved in the original design 
points out that because of the load balancers in front of the servers, the 
world at large is not able to touch the machines and thus the potential for 
compromise is limited.


your question started with the change in the design related to LAN-ISP
connecting VPN. Then how come load balancers are coming into picture.
I am saying this assuming that load balancers are for Internet facing
traffic. I may be missing something then or u explianed in hurry.
however, whatever it may be, load balancer are for, well, balancing
load :) One thing you may check if the load balancer has some in-built
security mechanism, like the one from Redware.

-Sanjay



Could I get some comments from this community about how vulnerable or not 
this type of setup might be? I'm looking for specific info related to the 
load balancers not commentary about the corporate LAN in this situation - 
even if the combination of the firewalls and load balancers provide 99.9% 
protection I think it is a bad idea and would most likely not pass PCI 
scrutiny.


Thanks

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






-- 
Computer Security Learner

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Promiscuous mode doesn't work on Intel 3945 wireless, Francesco Orro
Next by Date:  Re: Promiscuous mode doesn't work on Intel 3945 wireless, Antispam
Previous by Thread:  Re: Question re: load balancers as a security device, Robert E. Lee
Next by Thread:  Re: Question re: load balancers as a security device, David Howe
Indexes:  [Date] [Thread] [Top] [All Lists]