Posted: Fri Mar 05, 2004 12:17 pm
penguinboy wrote: I think Roja is overcomplicating things.

Purposely - I specifically said his architecture was a good start, and was a sound design. However, there are possible improvements, which I explained. Wasn't trying to be discouraging/difficult - was offering "the best is" advice.

penguinboy wrote: Your weakest link will be the public firewall; disabling remote administration would secure it.

I disagree with that. The public webserver could be a weaker link - if it's compromised, the attacker has access to all of the machines listed, the data, and more. While he is limited to a single point of attack (the listening webserver on a single port), if that webserver were to be compromised, that's the only thing the attacker would need to get everything he wants - data, machines, and more.

(I happen to completely agree with the rest of your post)