Firewall Wizards mailing list archives
Re: Using SSL accelerators in firewalls
From: Paul Robertson <proberts () patriot net>
Date: Wed, 17 Jul 2002 09:47:27 -0400 (EDT)
On Wed, 17 Jul 2002, Darren Reed wrote:
There would seem to be a growing trend in using SSL accelerators not next to the web server but attached to a firewall so that it isn't https traffic that passes through but http. To me this screams out "bad design" as the end-to-end encryption is lost in the process and the security of transactions eroded.
End-to-end encryption is both a good and a bad thing...
What do others think? Is this becoming a "done thing" that is more and more acceptable to corporates or is this just an isolated thing?
It's definitely becomming a "done thing," sometimes for performance, and other times for "increased security"- that is being able to do NIDS on the decrypted data stream. I'm not sure that there's all that much delineation between the ammount of trust necessary to go to the border of a company and the ammount of trust of doing SSL directly to an IIS box. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Using SSL accelerators in firewalls Darren Reed (Jul 17)
- Re: Using SSL accelerators in firewalls David Pick (Jul 17)
- Re: Using SSL accelerators in firewalls Darren Reed (Jul 17)
- Re: Using SSL accelerators in firewalls Carson Gaspar (Jul 22)
- Re: Using SSL accelerators in firewalls Ryan McBride (Jul 17)
- Re: Using SSL accelerators in firewalls Scott Walker Register (Jul 17)
- Re: Using SSL accelerators in firewalls Paul Robertson (Jul 17)
- RE: Using SSL accelerators in firewalls Ian Peters (Jul 17)
- Re: Using SSL accelerators in firewalls Fabio Pietrosanti (naif) (Jul 17)
- Re: Using SSL accelerators in firewalls Ryan Russell (Jul 17)
- <Possible follow-ups>
- Re: Using SSL accelerators in firewalls miha (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- Re: Using SSL accelerators in firewalls Dana Nowell (Jul 17)