I agree with you, unless the RP can show a justifiable increase in security,
don't further complicate the situation. This could also introduce the
potential for configuration errors, potentially lowering the security
posture. Not to mention if the RP is compromised and a Remote Access Trojan
or a sniffer is installed, all traffic can be snooped since this box is now
decrypting the packets before sending them on. If you are talking about an RP
using MS Proxy 2.0 the compromise scenario is highly likely without extreme
precautions, since you are showing this server in front of the firewall.
Locating the RP in a DMZ would make it possible to adequately secure,
although I still don't like the idea for the snooping reason again. What
benefit is there to decrypting the traffic at an RP proxy, unless it is then
passed through a good (open to interpretation and familiarity) firewall?

Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible thing to Waste!"


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Peter Bruderer
Sent: Thursday, February 15, 2001 6:03 AM
To: [EMAIL PROTECTED]
Subject: Reverse proxy


Hi there

I am in a discussion about using a reverse proxy or not.

The situation: A browser connects to a webserver which transfers the
HTTP requests into SQL queries using stored procedures. The connection
from the browser to the webserver is encrypted (SSL/TLS). Between the
browser and the webserver and between the webserver and the database
server is a firewall. This firewall does IP defragmentation and acts
as a SYN proxy.

(B)+++(FW)+++(HTTPS-SQL)---(FW)---(DB)

+++ = HTTPS
--- = SQL


One stance: To increase security some people want to put a reverse
proxy between the browser and the webserver. The reverse proxy
terminates the SSL connection and passes standard HTTP to the
webserver. The reason: buffer overflows are stopped at the reverse
proxy. A network based IDS can detect attacks in the datastream.

(B)+++(FW)+++(RP)...(FW)...(HTTP-SQL)---(FW)---(DB)

+++ = HTTPS
... = HTTP
--- = SQL


The stance of my side: Just to increase security the additional
reverse proxy is useless.  Reason: It does no protocol conversion,
it does no authentication.  Buffer overflow attacks are not stopped
at the reverse proxy, because it is just copying data from one socket
to another after decrypting it.  Low level IP attacks are handled by
the firewall. Attacks in the datastream are detected in the webserver
logfiles.


From the people wanting the additional reverse proxy I do not get any
facts. The only reason for the reverse proxy is: "I have the feeling ..."

Am I wrong? Do I overlook something? Can someone give me some facts
why the additional reverse proxy really increases security?

Thanks

Peter
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
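A short illustration of the point the two posts above turn on, added here as example code that is not from the thread or from any proxy product: a reverse proxy that only terminates TLS and copies bytes onward (Peter's "just copying data from one socket to another") stops nothing, whereas one that enforces HTTP framing limits before forwarding can refuse malformed or oversized requests and produce a log record at the point where an IDS or log review can see plaintext. The limits, the sample requests and the function names are assumptions chosen for the demonstration.

```python
# Constructed example: two reverse-proxy behaviours side by side.
# Not code from the mailing-list post or from any proxy product.
from typing import Optional

# Assumed framing limits; a real proxy would make these configurable.
MAX_REQUEST_LINE = 2048
MAX_HEADER_LINE = 4096
MAX_HEADERS = 50
MAX_BODY = 64 * 1024
ALLOWED_METHODS = {b"GET", b"POST", b"HEAD"}


def passthrough_proxy(decrypted_request: bytes) -> bytes:
    """The reverse proxy as Peter describes it: terminate TLS, then copy the
    plaintext to the web server socket unchanged. Whatever the client sent
    reaches the web server; nothing is stopped here."""
    return decrypted_request


def check_request(decrypted_request: bytes) -> Optional[str]:
    """Return None if the request is within the framing limits, otherwise a
    short reason. This is the kind of check that lets a reverse proxy refuse
    malformed or oversized requests before the web server's parser sees them."""
    head, sep, _body = decrypted_request.partition(b"\r\n\r\n")
    if not sep:
        return "header block not terminated"
    lines = head.split(b"\r\n")
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        return f"request line exceeds {MAX_REQUEST_LINE} bytes"
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return f"method {method.decode('ascii', 'replace')} not allowed"
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return "unsupported HTTP version"
    if not target.startswith(b"/"):
        return "request target must be an absolute path"
    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        return f"more than {MAX_HEADERS} header lines"
    for line in headers:
        if len(line) > MAX_HEADER_LINE:
            return f"header line exceeds {MAX_HEADER_LINE} bytes"
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return "malformed header line"
        # Reject control bytes (other than TAB) that downstream parsers might mishandle.
        if any((c < 0x20 and c != 0x09) or c == 0x7F for c in line):
            return "control character in header"
        if name.strip().lower() == b"content-length":
            if not value.strip().isdigit():
                return "non-numeric Content-Length"
            if int(value.strip()) > MAX_BODY:
                return f"body exceeds {MAX_BODY} bytes"
    return None


def validating_proxy(decrypted_request: bytes) -> Optional[bytes]:
    """A reverse proxy that earns its place: forward the request only when it
    passes check_request(); otherwise return None (the caller would answer
    400 and log the reason, which is where a network IDS or log review gets
    its signal in plaintext)."""
    if check_request(decrypted_request) is None:
        return decrypted_request
    return None


# Constructed sample requests (not real traffic).
NORMAL = b"GET /orders?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
OVERSIZED = b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\nHost: shop.example\r\n\r\n"
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: shop.example\r\n\r\n"
HUGE_BODY = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
             b"Content-Length: 99999999\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("oversized", OVERSIZED),
                       ("bad method", BAD_METHOD), ("huge body", HUGE_BODY)]:
        print(f"{label:10s} passthrough forwards={passthrough_proxy(req) is req} "
              f"validating forwards={validating_proxy(req) is not None} "
              f"reason={check_request(req)}")
```

The passthrough function forwards all four requests unchanged, which is Peter's argument in one line; the validating variant forwards only the normal one and names the reason for each refusal. Whether a given product actually does the second thing, rather than the first, is the fact the thread is asking for.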