Don't EVER, EVER, EVER allow Internet
access to a web server that isn't on
a DMZ. The SSL issue is superfluous. The
fact that they would ask for that shows that
they haven't clue one about security, and will
be coding many CGI holes awaiting exploitation,
and from there, attack of your internal machines.
Of course, that's just my opinion.
dave kaas <dave_kaas @
gov> on 03/04/98 03:13:10 PM
To: firewalls @
cc: (bcc: Ryan Russell/SYBASE)
Subject: SSL through a firewall
We have a group that wants to put up a WEB server on our internal
network that is accessible from the Internet. It would be an NT 4.0
system with IIS 4.0 with access via a SSL hole through the firewall.
There are CGI scrpts/C-code that access the data and format it to send
back to the client. Should we be worrried? What should we be concerned
Dave Kaas Internet: dave_kaas @
Lockheed Martin Services Phone: (509) 376-6386
United States Department of Energy, Richland, WA