HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Moving http upload/download application from insid...
Operating System - HP-UX
1827876
Members
1552
Online
109969
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2003 11:26 AM
02-18-2003 11:26 AM
Moving http upload/download application from inside the firewall to DMZ
Hi
I have a http upload and download application that I am thinking of moving from inside company network to DMZ.
I am aware that I need to open up certain ports to get to the database.
Question is: How does the the http upload/download performance changes in moving the app within the network to DMZ
I have a http upload and download application that I am thinking of moving from inside company network to DMZ.
I am aware that I need to open up certain ports to get to the database.
Question is: How does the the http upload/download performance changes in moving the app within the network to DMZ
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2003 11:45 AM
02-18-2003 11:45 AM
Re: Moving http upload/download application from inside the firewall to DMZ
You will need a registered Internet IP for the DMZ machine, but you already knew that. In opening the ports, you will want to check for the originating IP of the DMZ machine and only allow those commands into the ports, but that should be a function of your firewall.
Performance should not be that much different but it is dependant on how fast your firewall machine is in passing the packets.
Protecting the DMZ machine is the real key here, as it will be the machine with access to the inside.
If this does not help, I may not have understood the question.
Performance should not be that much different but it is dependant on how fast your firewall machine is in passing the packets.
Protecting the DMZ machine is the real key here, as it will be the machine with access to the inside.
If this does not help, I may not have understood the question.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2003 12:20 PM
02-18-2003 12:20 PM
Re: Moving http upload/download application from inside the firewall to DMZ
If the firewall machines are fast enough to handle the load you should be okay there.
You need to worry about your HP-UX box getting hacked.
Here are a coulple of good ways to prevent that.
Prior to the move, install and run this utility... Bastille Security hardening tool.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProducts.pl?group_type=search&group_name=Bastille&search_free=1&search_trial=1&search_buy=1
Bastille will improve UX performance if you let it by letting you disable insecure and obsolete daemons.
Also useful is security_patch_check
https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6834AA&date=
Bastille give you the option of scheduling this puppy in cron, but it helps keep you up to date on security patches.
You also want to stop using telnet with this box and use secure shell which transmits passwords encrypted.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProducts.pl?group_type=search&group_name=Secure+Shell&search_free=1&search_trial=1&search_buy=1
Attached is a cookbook for installation and exchange of public keys.
Last, go through the box and rip out every network service you don't need. If you don't use BIND, don't have it on the box. etc
SEP
You need to worry about your HP-UX box getting hacked.
Here are a coulple of good ways to prevent that.
Prior to the move, install and run this utility... Bastille Security hardening tool.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProducts.pl?group_type=search&group_name=Bastille&search_free=1&search_trial=1&search_buy=1
Bastille will improve UX performance if you let it by letting you disable insecure and obsolete daemons.
Also useful is security_patch_check
https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6834AA&date=
Bastille give you the option of scheduling this puppy in cron, but it helps keep you up to date on security patches.
You also want to stop using telnet with this box and use secure shell which transmits passwords encrypted.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProducts.pl?group_type=search&group_name=Secure+Shell&search_free=1&search_trial=1&search_buy=1
Attached is a cookbook for installation and exchange of public keys.
Last, go through the box and rip out every network service you don't need. If you don't use BIND, don't have it on the box. etc
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP