Is NAT can provide some kind of protection?

William Herrin bill at herrin.us
Thu Jan 13 18:14:27 UTC 2011


On Thu, Jan 13, 2011 at 1:11 PM, Jack Bates <jbates at brightok.net> wrote:
> On 1/13/2011 11:56 AM, William Herrin wrote:
>> So all the folks who use reverse proxies like an http accellerator are
>> wrong?
>
> They have their purpose. However, depending on the security rating of the
> accelerator versus the security rating of the backend server will depend on
> the negative or positive effect it has on overall security.
>
> 1) If backend server has low security rating and proxy also serves to
> protect backend server flaws, then the proxy has a positive security rating.
>
> 2) If backend server is similar or better security rating than the proxy,
> then the proxy server has a negative security rating, as it has introduced a
> second application in the channel which can possibly be exploited. ie, you
> have to worry about backend server security as well as the proxy security,
> and exploiting either can possibly compromise security for both.

That's what I think. I'm curious what Roland thinks.

-Bill


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list