Is NAT can provide some kind of protection?
Jack Bates
jbates at brightok.net
Thu Jan 13 18:11:27 UTC 2011
On 1/13/2011 11:56 AM, William Herrin wrote:
> So all the folks who use reverse proxies like an http accellerator are wrong?
>
>
They have their purpose. However, depending on the security rating of
the accelerator versus the security rating of the backend server will
depend on the negative or positive effect it has on overall security.
1) If backend server has low security rating and proxy also serves to
protect backend server flaws, then the proxy has a positive security rating.
2) If backend server is similar or better security rating than the
proxy, then the proxy server has a negative security rating, as it has
introduced a second application in the channel which can possibly be
exploited. ie, you have to worry about backend server security as well
as the proxy security, and exploiting either can possibly compromise
security for both.
Jack
More information about the NANOG
mailing list