Hi Java gurus: I have several questions that I was confused about regarding firewalls and SSL, since I don't have experience with system architecture. Please correct me if I am wrong.

1. SSL has the mechanism to ensure the communication between the client and web server. Since SSL will authenticate both parties and deny illegal access, does this imply that using SSL could replace a firewall in securing the network communication? But this could not be true, any thoughts?
2. In a VPN, could it be possible to use RMI over IIOP to communicate between client and server by SSL? I guess it is OK, since it is possible to tunnel the data through HTTP.
3. Since a VPN is a secured connection between the client and the server, is it overkill to use SSL over a VPN connection?
Honk if you hate bumper stickers that say "Honk if ..."
Let me try to answer (I am no expert either).

1. Firewalls are meant to restrict access to networks or parts of networks, while SSL is for secure communications (once the parties can communicate). So they have different purposes in life.
2. Yes, it should be.
3. A VPN is not a secured connection between client and server; only the part that goes from the remote machine (client) to the VPN server (the tunnel that goes over the internet) is secure. The traffic from there to the destination (server) may or may not be encrypted. So if you still want to secure the entire communication, you need to use SSL.

cheers
Joined: May 04, 2002
The idea of using SSL or a firewall or both came up with the design decision of a system within the budget. In other words, how to build a secured system within a limited budget (after the Dow went down to 7700, it is a reasonable consideration). Say, if SSL could satisfy most security requirements, it would be the first choice; in this case, I could save a few dollars on the hardware and/or software for a firewall.

For a B2B solution, since clients usually carry certificates (in part II, the ticket agents as application clients in a VPN), the server will deny any access from an untrusted party. Since a firewall would do the same thing but need to throw more currency from the pocket, I would prefer the SSL solution if I have a tight budget.

It might sound silly to ask this question, since a firewall is about network security, while SSL is about secure communication. Well, what will happen if a web server stands out of a DMZ but only allows SSL connections? Could this server survive illegal attacks? And what kind of attack would it be? If considering the certificates that the clients carry would satisfy the security requirement. And assuming the certificates could not be held by a bully party.

cheers
/bill