Re: A Good Reverse Proxy Product

[Adriel Desautels <adriel () netragard com>]

Paul,
 	I'm fairly fond of custom reverse proxies with Mod Security built in. 
We've built and deployed quite a few of those. When they are configured 
right they provide a pretty decent layer of defense.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Jon Kibler wrote:
> Paul Guibord wrote:
> > Greetings to all,
>
> > We have a new MS Exchange server and the administrator wants to provide remote Outlook Web Access access to it from the 
> > internet.
> > As opposed to having a direct outside to inside translation to it I was told that we could put a reverse proxy server 
> > in the DMZ and then provide a DMZ to inside translation form there.
>
> > First of all does this sound like the safest approach and if so can anyone provide the name of a good stable/secure 
> > reverse proxy product.
>
> > Thanks,
>
> > Paul
>
>
> Paul,
>
> Besides remote web access for Lookout -- I'm sorry, I mean Outlook --
> what other factors are driving this request / need?
>    -- Caching data for frequently visited sites?
>    -- Restricting what can be accessed on the web?
>    -- Network admission control?
>    -- Malware scanning?
>    -- Cost?
>    -- Performance?
>
> I never trust software to do anything that cheap hardware can do better.
>  Any NAT functionality is functionality best performed by a router or
> firewall.
>
> What type of network connection to you have?
>    -- DSL? Get a Cisco877 SEC K9. It supports inbound static NAT. But,
> even better, it supports SSL VPNs for web access to internal services
> such as email -- and other high-end security features not found on most
> DSL routers. (Plus, it is a lot cheaper than buying a windows box and ISA!)
>    -- T1 to 4xT1? Get a Cisco2811. Supports all of the above and more.
>    -- > 4xT1? You definitely do NOT want a proxy like ISA!
>
> Again, always go with hardware! It may sometimes cost a few more $$ up
> front, but any difference will pay for itself in no time at all.
>
> Now if your REALLY have security as an objective, you want to look at
> something like websense or surfcontrol. I like websense primarily
> because you can do content filtering on the fly in any of the 28xx or
> 87x series routers. You would be surprised how much less malware you
> will get with such a solution.
>
> DISCLAIMER: I am not associated with any of the vendors or products I
> mentioned above.
>
> Hope this helps!
>
> Jon Kibler

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.