[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Creating a secure development environment

PeterJ do-not-reply at jboss.com
Wed Oct 17 11:10:45 EDT 2007


I do not see how a worm could propagate through the JBoss app servers if those app servers are not opening ports accessible by remote hosts. You cannot get at the app server if it does not provide you with an opening. By binding to localhost, the app server could be considered just another desktop application. Heck, any application can send traffic out to the network, that's what outbound firewalls are for (and why Windows Firewall is a joke), to stop such traffic.

I do not see why they could not shut down and patch your desktops if the JBoss app server is running. I think they are confusing production machines with desktop development machines. If your desktop reboots to apply a patch, who cares that the app server is down? Only you. But then your whole desktop rebooted so it is not like you could do anything anyway.

One solution that we implemented was to take offending machines and place them on a private network. Several of our machines could not be upgraded to meet corporate security requirements for various reasons, so we placed them all on a separate network with their own routers, etc. We then took a "corporate approved" machine on the corporate network, added in a second NIC and connected that NIC to the private network. To gain remote access to a machine on the private network, we remote desktop (or VNC) to the "bridge" machine, and from there remote desktop (or VNC) to the desired machine.

I think in your situation I would ask for a second desktop (most places have older PCs sitting around), hook the second desktop to the corporate network to do email, etc. Then take my primary desktop off the network and do my development work in peace. If several people in your group are in the same situation, you could network all of the development PCs and perhaps get another PC to host the database. You could even use that PC as the "bridge" to the corporate network.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4096139#4096139
