Linked by Thom Holwerda on Thu 5th May 2011 21:07 UTC, submitted by sawboss
Games There's fail, there's epic fail, and then there's Sony. You may've thought it wasn't possible, but Sony has just outdone itself on the fail scale, forcing us to add yet another notch. During the congressional testimony this morning, Dr Gene Spafford of Purdue University revealed just how badly Sony managed its Playstation Network servers. It's... Bad.
Permalink for comment 472336
To read all comments associated with this story, please click here.
Member since:

Having ipfiltering on the same machine that is running Apache is pointless. If the attacker successfully breaks in there there is nothing stopping him from removing all the ipfilters, too. That's why you should always have a separate firewall that can only be managed from inside the internal network between Internet-side servers and the internal network.[/quote]

Nope, it is not pointless. It prevents the admin from making a mistake in opening another app by mistake or due to a problem with an update process.

It is another layer of defense. I you know your Apache box is only supposed to be listening on port 80/443 then put the IP filter in there. It may just protect you from an internal compromise.

Reply Parent Score: 1