Re: [fw-wiz] Using SSL accelerators in firewalls

From: Paul Robertson (proberts@patriot.net)
Date: 07/17/02


From: Paul Robertson <proberts@patriot.net>
To: Darren Reed <darrenr@reed.wattle.id.au>
Date: Wed Jul 17 09:47:03 2002

On Wed, 17 Jul 2002, Darren Reed wrote:

> There would seem to be a growing trend in using SSL accelerators not
> next to the web server but attached to a firewall so that it isn't
> https traffic that passes through but http.
>
> To me this screams out "bad design" as the end-to-end encryption is
> lost in the process and the security of transactions eroded.

End-to-end encryption is both a good and a bad thing...

>
> What do others think? Is this becoming a "done thing" that is more
> and more acceptable to corporates or is this just an isolated thing?

It's definitely becoming a "done thing," sometimes for performance, and
other times for "increased security" - that is, being able to do NIDS on the
decrypted data stream.

I'm not sure that there's all that much delineation between the amount of
trust necessary to go to the border of a company and the amount of trust
of doing SSL directly to an IIS box.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."


