
How does SSL work through (application level) firewalls, gateways and proxy servers?


SSL was designed to provide security between client and server and to avoid any kind of 3-way man-in-the-middle attack. Thus SSL cannot be proxied through traditional application level firewalls (such as the CERN proxy server) because SSL considers a proxy server to be a middleman. The simplest alternative to this problem is to use a packet filtering firewall. You set it up to open a reserved and trusted port for the SSL+HTTP or SSL+NNTP services (443 or 563 respectively) allowing all traffic on those ports to be passed through unrestricted. The risk with this solution is that an internal attacker could attempt to use these trusted ports without using SSL and there is no way for the firewall to know. SSL also can work with gateways that support the SOCKS protocol, a protocol independent proxy mechanism. SOCKS is a generic byte forwarding gateway between client and server and generally works at the socket level. If all you want is TCP/UDP restrictions based on client IP or server IP, SO
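
The packet-filter risk described above (non-SSL traffic on the trusted ports) can be checked from outside the firewall by looking at the first client bytes of each flow. The sketch below is an added example, not part of the original answer; the function names, verdict strings and sample flows are constructed for illustration.

```python
import struct

SSL_PORTS = {443, 563}    # SSL+HTTP and SSL+NNTP, as named in the answer
TLS_HANDSHAKE = 0x16      # record content type for handshake messages
CLIENT_HELLO = 0x01       # handshake message type
MAX_PLAINTEXT = 2 ** 14   # largest unencrypted record payload

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server bytes of a flow on an SSL port."""
    if len(data) < 6:
        return "incomplete"
    # SSLv3/TLS record: type(1) | version(2) | length(2) | handshake type(1)
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype == TLS_HANDSHAKE and major == 3 and minor <= 4:
        if 0 < length <= MAX_PLAINTEXT and data[5] == CLIENT_HELLO:
            return "tls-client-hello"
        return "not-ssl"
    # SSLv2-style hello: 2-byte length, high bit set | msg type(1) | version(2)
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        if (data[3], data[4]) == (0, 2) or data[3] == 3:
            return "sslv2-client-hello"
    return "not-ssl"

# Constructed sample flows: documentation addresses, made-up payload prefixes.
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, bytes.fromhex("16030100c8010000c40303")),
    ("192.0.2.11", 443, bytes.fromhex("802e0100020015")),
    ("192.0.2.12", 443, b"GET / HTTP/1.0\r\n"),
    ("192.0.2.13", 563, b"SSH-2.0-client\r\n"),
]

def flag_non_ssl(flows):
    """Return (src, port, verdict) for flows on SSL ports that do not open with a hello."""
    hits = []
    for src, port, data in flows:
        if port not in SSL_PORTS:
            continue
        verdict = classify_first_bytes(data)
        if verdict == "not-ssl":
            hits.append((src, port, verdict))
    return hits

if __name__ == "__main__":
    for hit in flag_non_ssl(SAMPLE_FLOWS):
        print(hit)
```

A flow that opens with a valid hello is only known to start like SSL; the check says nothing about what follows the handshake.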
