Firewall Wizards mailing list archives
Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY
From: "Robert Collins" <robert.collins () itdomain com au>
Date: Thu, 22 Feb 2001 08:20:47 +1100
----- Original Message ----- From: "Ng Pheng Siong" <ngps () post1 com> To: <agetchel () kde state ky us> Cc: <darrenr () reed wattle id au>; <firewall-wizards () nfr net> Sent: Thursday, February 22, 2001 3:27 AM Subject: Re: [fw-wiz] Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY
On Tue, Feb 20, 2001 at 04:33:02PM -0500, agetchel () kde state ky us
wrote:
you need to think about patching your boxes and using a reverse application proxy that can detect attacks which may be
used in the
defacement process (such as Unicode attacks or, like I mentioned
above,
buffer overflow attacks).Reverse proxies break X.509 cert-based client authentication. -- Ng Pheng Siong <ngps () post1 com> * http://www.post1.com/home/ngps
I don't believe there's any protocol level reason why the reverse proxy cannot perform the X.509 certificate authentication itself. Certainly the web server AND the reverse proxy cannot both perform that authentication. AFAIK some of the commercial reverse proxies will perform authentication on behalf of the webserver. What about things like the cisco LocalDirector? Although I'm not quite sure whether that's a reverse proxy or a tcp load balancer :-]. Rob _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY agetchel (Feb 20)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Darren Reed (Feb 20)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Ng Pheng Siong (Feb 21)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Robert Collins (Feb 25)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Ng Pheng Siong (Feb 26)
- Reversise Proxies? (was Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY) Robert Collins (Feb 26)
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Robert Collins (Feb 25)
- <Possible follow-ups>
- Re: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY Bill_Royds (Feb 21)
- RE: Next Generation Security Architecture - TO MODERATOR - CORRECTED COPY MONTENEGRO,FERNANDO (HP-Canada,ex1) (Feb 26)