This is my question, also: | My question is whether [router] <==> [firewall] <==> [400 http server | configuration] <==> [application level security] <==> [object level | authority] is sufficient? It seems to me that such a | configuration already | provides 5 layers of protection? Given the sophistication of hackers, I'm doubtful. But I don't know the facts, sufficiently. | -----Original Message----- | From: firstname.lastname@example.org | [mailto:email@example.com]On Behalf Of Nathan M. Andelin | Sent: Saturday, December 15, 2001 10:14 PM | To: firstname.lastname@example.org | Subject: Re: Where are all of the /400's going. | | | From: "Joe Pluta" <joepluta@PlutaBrothers.com> | | > If you read the thread, I carefully separated data | > into two categories: secured and unsecured. This | > is a real and vital differentiation. | | My idea of data is what you put in a database, records and fields. In my | experience, the amount of data used for marketing and public awareness is | minimal. Are you thinking otherwise? Or would you agree that there is a | desire to protect the vast majority of data? | | > Unless you have lots of extra processing power, | > there's really no reason to serve static web pages from | > your mission critical machine. | | I agree that CPU is priced at a premimum on the 400. On the other hand, | take into account opperational efficiencies. Web applications and static | pages often share common graphics, style sheets, and other types of files. | It's easier to manage that on a single server as opposed to dividing it | between two servers. | | The management argument works both ways. I've listened to IIS / FrontPage | Webmasters argue to deploy Web applications on an Intel server | for the same | reason. Maybe they simply don't know the 400, and don't want to | learn about | it. Maybe the Webmaster resists having to ask for authorization to set up | directories in the IFS. Just another hassle, in his mind. | | Once you divide data and applications across platforms, watch the | political | turf wars erupt. | | > Mission critical data should reside on a machine | > that is only accessed through encapsulated server requests | > from trusted sources. A middle tier should provide | > connectivity to the Internet. | | My question is whether [router] <==> [firewall] <==> [400 http server | configuration] <==> [application level security] <==> [object level | authority] is sufficient? It seems to me that such a | configuration already | provides 5 layers of protection? | | Nathan M. Andelin | www.relational-data.com | | | _______________________________________________ | This is the Midrange Systems Technical Discussion (MIDRANGE-L) | mailing list | To post a message email: MIDRANGE-L@midrange.com | To subscribe, unsubscribe, or change list options, | visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l | or email: MIDRANGE-Lemail@example.com | Before posting, please take a moment to review the archives | at http://archive.midrange.com/midrange-l. |
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.