[Orca-users] Re: Anyone using Orca with rsync?

Ade Rixon ade.rixon at big-bubbles.fluff.org
Sun Nov 23 13:33:57 PST 2003


22 Nov 11:18:29 PM: Meanwhile in the Sheraton, Sean O'Neill wrote:
> In a DMZ type situation as you have described, I would take your advice as it
> is obviously the right thing to do.  But many environments I've worked in,
> unfortunately, don't always follow this topology.  Those nasty beasts called
> the "management network" or even "backup network" always seems to crop up.  

I've never really understood how anyone can implement a secondary network
on a multi-tier topology without effectively bypassing the firewalls
(unless the management net is also firewalled at the same boundaries).

Nevertheless, even so it would surely be easier to lock the critical host
down tightly than allow SSH from everything?

> The ramifications for every change, VLAN, "allow in" or
> "allow out" much be looked at carefully and considered against the
> entire security profile of an environment.

Indeed, which is why perhaps it is unwise to promulgate a single solution
in the FAQ.

Cheers,
Ade_
  /
-- 
[   Ade Rixon || http://www.big-bubbles.fluff.org/ || ade.rixon at bigfoot.com   ]
 "Between these walls and darkened halls, I've done my time,
  If I should die before I wake then you'll know why"
					- "My Lover's Box", Garbage



More information about the Orca-users mailing list