nanog mailing list archives

Re: Is NAT can provide some kind of protection?

From: Jack Bates <jbates () brightok net>
Date: Thu, 13 Jan 2011 12:11:27 -0600

On 1/13/2011 11:56 AM, William Herrin wrote:

So all the folks who use reverse proxies like an http accellerator are wrong?

They have their purpose. However, depending on the security rating ofthe accelerator versus the security rating of the backend server willdepend on the negative or positive effect it has on overall security.

1) If backend server has low security rating and proxy also serves toprotect backend server flaws, then the proxy has a positive security rating.

2) If backend server is similar or better security rating than theproxy, then the proxy server has a negative security rating, as it hasintroduced a second application in the channel which can possibly beexploited. ie, you have to worry about backend server security as wellas the proxy security, and exploiting either can possibly compromisesecurity for both.



Jack

Current thread:

Re: Is NAT can provide some kind of protection?, (continued)
- - - Re: Is NAT can provide some kind of protection? Stephen Davis (Jan 15)
    - Re: Is NAT can provide some kind of protection? Leen Besselink (Jan 16)
    - Re: Is NAT can provide some kind of protection? Douglas Otis (Jan 14)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? David Barak (Jan 12)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 13)
    - Re: Is NAT can provide some kind of protection? Dobbins, Roland (Jan 13)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 13)
    - Re: Is NAT can provide some kind of protection? William Herrin (Jan 13)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 13)
    - Re: Is NAT can provide some kind of protection? William Herrin (Jan 13)
    - Re: Is NAT can provide some kind of protection? Lamar Owen (Jan 13)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 13)
  - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? Paul Ferguson (Jan 12)
    - Re: Is NAT can provide some kind of protection? Steven Kurylo (Jan 12)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? Scott Helms (Jan 12)
    - Re: Is NAT can provide some kind of protection? Chris Adams (Jan 12)
    - Re: Is NAT can provide some kind of protection? Scott Helms (Jan 12)

(Thread continues...)