Firewall Wizards mailing list archives
Re: Using SSL accelerators in firewalls
From: David Pick <d.m.pick () qmul ac uk>
Date: Wed, 17 Jul 2002 10:40:28 +0100
There would seem to be a growing trend in using SSL accelerators not next to the web server but attached to a firewall so that it isn't https traffic that passes through but http. To me this screams out "bad design" as the end-to-end encryption is lost in the process and the security of transactions eroded. What do others think? Is this becoming a "done thing" that is more and more acceptable to corporates or is this just an isolated thing?
It depends. I think it may be "OK" if you look at the configuration as (possibly multiple) Web Content Accelerators attached to, and assisting, the secure Web Server. The method of attachment *might* be an internal network ("intranet"!) or might be something else.
On the other hand, if there is direct access to the Web Content Servers, bypassing the "real" Web Server; or user machines connected between the various components of the Distributed Web Server, then I agree that that could be bad design.
In this respect you have to think about what the SSL security is being used for. If it is to assure the client of the identity of the Server, and the security of the data in transit (a common case) then the design might be OK if the firewall blocks direct external access to the Web Content Servers. If, OTOH, SSL is being used to authenticate the *client* then such a design is close to criminal.
--
David Pick
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards