
  • From: Richard Salz <rsalz@u...>
  • To: "Pete Cordell" <petexmldev@t...>
  • Date: Mon, 15 Jan 2007 13:53:14 -0500

> (It's probably been covered before, but...) I find it interesting that
> using HTTPS allows some security, but it does mean that any perimeter
> firewall can not inspect the contents of an exchange.

Because of this, SSL is usually terminated in the DMZ.  If necessary, a 
new SSL connection will be set up from the DMZ device to the internal 
system. There are other approaches, but I don't know if they're public 
information yet.  Perhaps not surprisingly, they amount to the same thing, 
however.

Nobody reasonable will let SSL from the Internet go through the DMZ 
directly to their backend system.

As currently deployed in the general internet, SSL gives you 
point-to-point data privacy, and little else.  That's worth quite a lot, 
however.

        /r$

--
STSM
Senior Security Architect
DataPower SOA Appliances


