Re: Live so close !!!



Bikini Whacks wrote:
In article <43uv7tF1p7fk9U1@xxxxxxxxxxxxxx>, chewbury.gubbins@xxxxxxxxxx says...

On 2006-01-27, Skijumptoes <SjT@xxxxxxxxxxx> wrote:

I've never had to use such a thing. I work as system admin, but for a
very small company, but I remember reading up on such methods.

I don't either, as a rule - a publicly accessible server belongs in a datacentre, not hanging off the side of a LAN.


Can you go into any more depth? i.e. what do you call a 'system'?

If you can't be arsed or it takes too much explaining then don't worry,
I'm just interested now you've brought it up. :)

No probs - I'm killing time today :) I generally class a 'system' as the components which make up a fully functional intranet/internet/extranet application. For example, a system would be web server software, database server, and bespoke software to provide the site functionality, and any interfaces to back end systems (XMLRPC calls, datafeeds, etc). Note that this is entirely separate from hardware - it exists purely on an abstract level. The hardware layer might be one or more machines, switches, load balancers, routers, etc.

For a big site - say a bank - I'm typically classing a system as
something like: Router, switch, hardware load balancer, dedicated
firewall. Then we have one or more presentation layer servers (typically
running a light build of something like Apache, set up to reverse proxy
dynamic content from the backend servers, running something more meaty -
mod_perl, Jakarta Tomcat, .NET, etc.). Behind these layers (let's call
them view and controller, to use the MVC paradigm) we have the model -
the data being operated on. Generally a big DB box.


The DB box will have its own dataset and may be updated / fed /
augmented from backend systems - stock prices, interest rates, special
offers etc - either via a feed or a content management system running
on the Controller. The controller does all the number crunching. The
view renders it out.

A lot of companies tend to shove the whole lot (except the view) behind
a firewall and consider it secure. Which it generally is, unless the
firewall is compromised. I tend to add a bit of extra shininess by
running software firewalls on the individual boxes and making sure
they're only running those services necessary. I also tend to have two
intrusion detection devices (basically just low end boxes with the
ethernet device in promiscuous mode) which sniff the traffic through the
switch looking for patterns.

I'm very proud of my record to date and I have been looking after some
big targets - government sites tend to see upwards of 300 attacks per
day.

Anyhoo, I should probably shut up now cos this has gone waaaaay off
topic :)

Choobs


*plonk*

Don't plonk him, he has the power of Nominet to back him up.

lol. :)


-- XBL Gamertag: ScoopeX Currently Playing - Halo 2 - XBOX 360. Xbox.com - Founding member. :) CD PLAY : Shapeshifters - incredible extended album version .


