Secure Computing SSL Scanner Manuel d'utilisateur télécharger pdf (Page 13)

Securing and Optimizing WAN Trafﬁc Example

A Blue Coat ProxySG used for SSL WAN optimization acts as the SSL proxy allowing branch ofﬁce workers secure access that

can be inspected and optimized to internal web servers and external websites as well, providing the same beneﬁts discussed

in the SSL forward proxy example. See Figure 11, below.

The ProxySG can hold both client and server keys for its internal clients. This allows SSL sessions to be carried out twice: once

between the client and proxy server, and again between the proxy server and the secure server. In that way, the ProxySG can to

listen in on the conversation without having the private keys of external servers.

The ProxySG can be used as described above, or simply to create a secure tunnel between sites across an insecure network.

SSL doesn’t allow recursive encryption, so by using it this way you lose the transparency of the proxy and get multiple

segments of secure connections, rather than a single secure end-to-end connection. The ProxySG has full SSL support as

opposed to just SSL tunneling. It can therefore do client authentication and serve documents like a secure server, or request

documents like an SSL-enabled client.

Internet

Internal

Network

Web Hosted

Applications

Concentrator

Proxy

Branch

ProxySG

ProxyAV

Users

Branch

Office

SSLSSL SSLSSL

Figure 11 – Example WAN Optimization Deployment

Technology Primer: Secure Sockets Layer (SSL)

1 2 ... 8 9 10 11 12 13 14 15 16 17 18 ... 21 22

Pas de commentaire

Secure Computing SSL Scanner Manuel d'utilisateur Page 13