Security Basics mailing list archives
Re: A Good Reverse Proxy Product
From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 30 Apr 2008 19:16:01 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Guibord wrote:
Greetings to all, We have a new MS Exchange server and the administrator wants to provide remote Outlook Web Access access to it from the internet. As opposed to having a direct outside to inside translation to it I was told that we could put a reverse proxy server in the DMZ and then provide a DMZ to inside translation form there. First of all does this sound like the safest approach and if so can anyone provide the name of a good stable/secure reverse proxy product. Thanks, Paul
Paul, Besides remote web access for Lookout -- I'm sorry, I mean Outlook -- what other factors are driving this request / need? -- Caching data for frequently visited sites? -- Restricting what can be accessed on the web? -- Network admission control? -- Malware scanning? -- Cost? -- Performance? I never trust software to do anything that cheap hardware can do better. Any NAT functionality is functionality best performed by a router or firewall. What type of network connection to you have? -- DSL? Get a Cisco877 SEC K9. It supports inbound static NAT. But, even better, it supports SSL VPNs for web access to internal services such as email -- and other high-end security features not found on most DSL routers. (Plus, it is a lot cheaper than buying a windows box and ISA!) -- T1 to 4xT1? Get a Cisco2811. Supports all of the above and more. -- > 4xT1? You definitely do NOT want a proxy like ISA! Again, always go with hardware! It may sometimes cost a few more $$ up front, but any difference will pay for itself in no time at all. Now if your REALLY have security as an objective, you want to look at something like websense or surfcontrol. I like websense primarily because you can do content filtering on the fly in any of the 28xx or 87x series routers. You would be surprised how much less malware you will get with such a solution. DISCLAIMER: I am not associated with any of the vendors or products I mentioned above. Hope this helps! Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgY/bEACgkQUVxQRc85QlN+bgCfdLX+R9O4w59po82tzCE/D9D+ kf4AmwdsDPcl6oBPUsPHhlX5Oor06jo9 =oLYd -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
Current thread:
- Re: A Good Reverse Proxy Product Jon Kibler (May 01)
- Re: A Good Reverse Proxy Product Adriel Desautels (May 01)
- <Possible follow-ups>
- RE: A Good Reverse Proxy Product Dan Lynch (May 01)
- Re: A Good Reverse Proxy Product Aaron Howell (May 02)
- Re: A Good Reverse Proxy Product Adriel Desautels (May 05)
- Re: A Good Reverse Proxy Product Aaron Howell (May 02)
- Re: A Good Reverse Proxy Product Aiko Barz (May 02)
- Re: A Good Reverse Proxy Product David Glosser (May 05)