AW: SSL VPN or reverse proxy?

["Horst Moll" <Horst.Moll () tts-security com>]

 Hi Dan,
The answer is as always - it depends. 
If we are talking about a well configured, manged, controlled environment
and about the same kind of http(s)-Application, than the answer would be
that the security level of both systems are equally.
As soon as we have requirements like strong authentication, using the
central user repository or load balancing, than you have to look into the
details. 

;-)Horst
-----Ursprüngliche Nachricht-----
Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im
Auftrag von Jared Curtis
Gesendet: Freitag, 6. März 2009 01:13
An: Dan Lynch
Cc: security-basics () securityfocus com
Betreff: Re: SSL VPN or reverse proxy?

SSL VPN's perform tunneling and can route IP traffic though the tunnel to
any resource.  Reverse proxy does not route standard IP traffic.

On Thu, Mar 5, 2009 at 3:03 PM, Dan Lynch <DLynch () placer ca gov> wrote:
> From a security perspective, when placed front ending an intranet web 
> server that itself is SSL-enabled, is there any difference between an 
> SSL VPN appliance, and a simple HTTP reverse proxy that performs 
> authentication? Is there some class of threat that is addressed better 
> by the SSL VPN, or not at all by the reverse proxy?
>
>
>
> Dan Lynch, CISSP
> Information Technology Analyst
> County of Placer
> Auburn, CA