Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: Re: A Good Reverse Proxy Product

Re: A Good Reverse Proxy Product

From: Adriel Desautels <adriel_at_netragard.com>
Date: Thu, 01 May 2008 11:22:48 -0400

Paul,
          I'm fairly fond of custom reverse proxies with Mod Security built in.
We've built and deployed quite a few of those. When they are configured
right they provide a pretty decent layer of defense.

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

Jon Kibler wrote:
> Paul Guibord wrote:
>> Greetings to all,
>
>> We have a new MS Exchange server and the administrator wants to provide remote Outlook Web Access access to it from the internet.
>> As opposed to having a direct outside to inside translation to it I was told that we could put a reverse proxy server in the DMZ and then provide a DMZ to inside translation form there.
>
>> First of all does this sound like the safest approach and if so can anyone provide the name of a good stable/secure reverse proxy product.
>
>> Thanks,
>
>> Paul
>
>
> Paul,
>
> Besides remote web access for Lookout -- I'm sorry, I mean Outlook --
> what other factors are driving this request / need?
> -- Caching data for frequently visited sites?
> -- Restricting what can be accessed on the web?
> -- Network admission control?
> -- Malware scanning?
> -- Cost?
> -- Performance?
>
> I never trust software to do anything that cheap hardware can do better.
> Any NAT functionality is functionality best performed by a router or
> firewall.
>
> What type of network connection to you have?
> -- DSL? Get a Cisco877 SEC K9. It supports inbound static NAT. But,
> even better, it supports SSL VPNs for web access to internal services
> such as email -- and other high-end security features not found on most
> DSL routers. (Plus, it is a lot cheaper than buying a windows box and ISA!)
> -- T1 to 4xT1? Get a Cisco2811. Supports all of the above and more.
> -- > 4xT1? You definitely do NOT want a proxy like ISA!
>
> Again, always go with hardware! It may sometimes cost a few more $$ up
> front, but any difference will pay for itself in no time at all.
>
> Now if your REALLY have security as an objective, you want to look at
> something like websense or surfcontrol. I like websense primarily
> because you can do content filtering on the fly in any of the 28xx or
> 87x series routers. You would be surprised how much less malware you
> will get with such a solution.
>
> DISCLAIMER: I am not associated with any of the vendors or products I
> mentioned above.
>
> Hope this helps!
>
> Jon Kibler

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
Received on May 01 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]