[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] SSL Insight
- Subject: RE: [cobalt-security] SSL Insight
- From: "Gary M. Root" <groot@xxxxxxxxxxxxxxx>
- Date: Thu, 29 Aug 2002 18:41:39 -0700
- Organization: Liquid Spark, LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I thought I'd jump in and share something I've been quite pleased with.
We've installed a series of Intel NetStructure 7110's in our cabinets.
They are basically highly-configurable (CLI) SSL accelerators. They
offload SSL processing from your servers and are touted to handle 200
SSL connections/second.
Traffic comes in on a designated port (say 443) and comes out on another
(say 80) destined for the server. On the way back out, it leaves the
Intel on 443 again. You can load many certificates, set timeouts,
spill-over to other units down the line, spill over to servers, etc.
The real kicker is that these units cost $4,000 to $6,000 not too long
ago. Now you can get them on eBay for $175. You'll also see them listed
as Accelar 710's or Ipivot 1000's. Check with Intel about support and
software updates, but if you leave remote management services turned off
(or restricted to your private network), the unit should remain safe and
secure for a long time to come.
Anyway, once you get them configured correctly, they are really great.
Best regards,
Gary
|
|> (by the way I do have it on its own IP.)
|
|If you didn't, it wouldn't work.
|
|Jeff
|--
|Jeff Lasman <jblists@xxxxxxxxxxxxx>
|Linux and Cobalt/Sun/RaQ Consulting
|nobaloney.net, P. O. Box 52672, Riverside, CA 92517
|voice: +1 909 778-9980 * fax: +1 909 548-9484
|_______________________________________________
|cobalt-security mailing list
|cobalt-security@xxxxxxxxxxxxxxx
|http://list.cobalt.com/mailman/listinfo/cobalt-security
|
|