nanog mailing list archives

Re: Is NAT can provide some kind of protection?


From: William Herrin <bill () herrin us>
Date: Thu, 13 Jan 2011 13:14:27 -0500

On Thu, Jan 13, 2011 at 1:11 PM, Jack Bates <jbates () brightok net> wrote:
> On 1/13/2011 11:56 AM, William Herrin wrote:
>> So all the folks who use reverse proxies like an http accelerator are
>> wrong?
>
> They have their purpose. However, the negative or positive effect it has
> on overall security will depend on the security rating of the accelerator
> versus the security rating of the backend server.
>
> 1) If backend server has low security rating and proxy also serves to
> protect backend server flaws, then the proxy has a positive security rating.
>
> 2) If backend server is similar or better security rating than the proxy,
> then the proxy server has a negative security rating, as it has introduced a
> second application in the channel which can possibly be exploited. i.e., you
> have to worry about backend server security as well as the proxy security,
> and exploiting either can possibly compromise security for both.

That's what I think. I'm curious what Roland thinks.

-Bill


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

