[load balancing] Security Issues with Load Balancing Infrastructure

From: David Waldo (waldoIZZATcos.com)
Date: Wed Feb 28 2001 - 13:01:06 EST

Next message: Titus, Tim: "RE: [load balancing] Security Issues with Load Balancing Infrastr ucture"

Previous message: G. Jules Huang: "RE: HydraGPS load balancing was RE: [load balancing] Verisign and Load Balancers"
Next in thread: tony bourke: "Re: [load balancing] Security Issues with Load Balancing Infrastructure"
Reply: tony bourke: "Re: [load balancing] Security Issues with Load Balancing Infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Two questions about security. In both cases I'm talking
about a route-path, NAT-based load balancing configuration
similar to Figure 4 in Tony Bourke's article at:

http://sysadmin.oreilly.com/news/bourke_1100.html

1) I don't see much point in putting a firewall in front
of this type of configuration, since most NAT-based
load balancers can do packet filtering, and you usually
only want to open up a small number of ports (80, 443, 22?)
anyway. Does anyone have any success stories or warnings
about running in with configuration?

2) In the figure mentioned above, the public and private
networks are VLAN'd on the same switches. Provided sufficient
access restrictions are in place on the switches, are there
security issues with the VLAN config? I rarely see VLAN config
issues mentioned in network security discussions.

Thanks,

Dave Waldo

Next message: Titus, Tim: "RE: [load balancing] Security Issues with Load Balancing Infrastr ucture"
Previous message: G. Jules Huang: "RE: HydraGPS load balancing was RE: [load balancing] Verisign and Load Balancers"
Next in thread: tony bourke: "Re: [load balancing] Security Issues with Load Balancing Infrastructure"
Reply: tony bourke: "Re: [load balancing] Security Issues with Load Balancing Infrastructure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 28 2001 - 12:55:27 EST