[134970] in North American Network Operators' Group

Re: Is NAT can provide some kind of protection?

daemon@ATHENA.MIT.EDU (William Herrin)
Thu Jan 13 13:14:58 2011

In-Reply-To: <4D2F404F.90204@brightok.net>
From: William Herrin <bill@herrin.us>
Date: Thu, 13 Jan 2011 13:14:27 -0500
To: Jack Bates <jbates@brightok.net>
Cc: "nanog@nanog.orglist" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, Jan 13, 2011 at 1:11 PM, Jack Bates <jbates@brightok.net> wrote:
> On 1/13/2011 11:56 AM, William Herrin wrote:
>> So all the folks who use reverse proxies like an http accelerator are
>> wrong?
>
> They have their purpose. However, depending on the security rating of the
> accelerator versus the security rating of the backend server will depend on
> the negative or positive effect it has on overall security.
>
> 1) If backend server has low security rating and proxy also serves to
> protect backend server flaws, then the proxy has a positive security rating.
>
> 2) If backend server is similar or better security rating than the proxy,
> then the proxy server has a negative security rating, as it has introduced a
> second application in the channel which can possibly be exploited. ie, you
> have to worry about backend server security as well as the proxy security,
> and exploiting either can possibly compromise security for both.

That's what I think. I'm curious what Roland thinks.

-Bill


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

