[load balancing] Security Issues with Load Balancing Infrastructure

From: David Waldo (waldoIZZATcos.com)
Date: Wed Feb 28 2001 - 13:01:06 EST

  • Next message: Titus, Tim: "RE: [load balancing] Security Issues with Load Balancing Infrastr ucture"

    Two questions about security. In both cases I'm talking
    about a route-path, NAT-based load balancing configuration
    similar to Figure 4 in Tony Bourke's article at:

            http://sysadmin.oreilly.com/news/bourke_1100.html

    1) I don't see much point in putting a firewall in front
    of this type of configuration, since most NAT-based
    load balancers can do packet filtering, and you usually
    only want to open up a small number of ports (80, 443, 22?)
    anyway. Does anyone have any success stories or warnings
    about running in with configuration?

    2) In the figure mentioned above, the public and private
    networks are VLAN'd on the same switches. Provided sufficient
    access restrictions are in place on the switches, are there
    security issues with the VLAN config? I rarely see VLAN config
    issues mentioned in network security discussions.

    Thanks,

    Dave Waldo



    This archive was generated by hypermail 2b30 : Wed Feb 28 2001 - 12:55:27 EST