Secure Computing SSL Scanner User Manual Page 6

[Figure 5 diagram: users, a branch office, corporate headquarters, a data center, a web server and web applications connected across the Internet over SSL links. Labelled proxy roles: Forward SSL Proxy (malware prevention, outsourced application security); WAN Optimization “Branch” SSL Proxy and WAN Optimization “Concentrator” SSL Proxy (application acceleration, malware prevention); Reverse HTTPS Proxy (web server acceleration, content delivery optimization).]
Figure 5 – Blue Coat ProxySG SSL Proxy-Based Solutions: SSL Forward Proxy, WAN Optimization Proxies, and Reverse HTTPS Proxy
An SSL “forward” proxy sits between users on a corporate LAN and their access to the Internet/Web, protecting the client. It is used
for applying security and performance features such as authentication, malware prevention, URL filtering, data loss prevention, and
caching. The ProxySG can be used as an SSL forward proxy to tunnel or intercept HTTPS traffic. Deployed in this way, it usually sits at
the Internet “gateway”, or where the organization’s network meets their Internet feed(s).
The Blue Coat ProxySG can also be used for WAN optimization to accelerate “inside-out” (users inside the organization accessing
external/outside sites) SSL traffic from internal websites as well as external websites when used in an application delivery network
(ADN) deployment across a WAN link, while providing complete visibility for security policies. Deployed in this way, a branch/remote
office ProxySG intercepts and securely communicates with an upstream ProxySG deployed as a WAN optimization concentrator/
gateway.
An HTTPS “reverse” proxy sits on the edge of a corporate network and accepts requests from users on the WWW coming into a
corporate website. It is typically used to offload SSL processing from the server to the proxy, cache server content, and optionally
provide threat detection and data loss prevention checks. In a content delivery network (CDN) it can also be used for bandwidth
management and server acceleration deployed in the middle of the network – away from the server but not necessarily at the branch
or network edge. Communications between the HTTPS reverse proxy and the server might or might not use SSL.
To help alleviate the threat that encrypted HTTPS traffic can pose and the strain SSL places on general-purpose web servers,
Blue Coat ProxySGs have integrated full SSL capabilities. When a client sets up a new SSL session through ProxySG to a
server, the SSL proxy performs validation checks on the server’s certificate. Once validated, this SSL session can be reused
multiple times by that same client and server for some period of time. During this time, the proxy continues to perform checks
on the certificate present in the cached server-side SSL session. Every time a new connection is made, the ProxySG continues
to check dates on the certificate to see if it has expired. No SSL data is stored nor are SSL keys at risk. Administrators can
invoke the object cache for SSL traffic, if the acceleration benefits and security profile make sense; the object caches have
almost zero administration time since they self-tune as traffic passes.
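The session-reuse behaviour described above (validate once, then re-check the certificate dates on every new connection that reuses the cached server-side session) can be sketched as follows. This is an added example, not ProxySG code: the class and function names and the one-hour reuse window are assumptions, and the certificate is a constructed sample in the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ssl
import time

SESSION_LIFETIME = 3600  # assumed reuse window (seconds); the text says only "some period of time"

# Constructed sample, shaped like the dict returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Jan  1 00:30:00 2024 GMT"}


def dates_valid(cert, now):
    """True if `now` (epoch seconds) lies inside the certificate validity window."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


class ServerSessionCache:
    """Hypothetical cache of validated server-side sessions, keyed by (client, server)."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested offline
        self._sessions = {}          # (client, server) -> (cert dict, time stored)

    def store(self, client, server, cert):
        """Cache a session after full validation; refuse a cert outside its dates."""
        now = self._clock()
        if not dates_valid(cert, now):
            return False
        self._sessions[(client, server)] = (cert, now)
        return True

    def reuse(self, client, server):
        """Return "reuse" if the cached session may be resumed, else "full-handshake"."""
        key = (client, server)
        entry = self._sessions.get(key)
        if entry is None:
            return "full-handshake"
        cert, stored_at = entry
        now = self._clock()
        # Re-check on every new connection: reuse window and certificate dates
        if now - stored_at > SESSION_LIFETIME or not dates_valid(cert, now):
            del self._sessions[key]  # evict so the next connection revalidates fully
            return "full-handshake"
        return "reuse"
```

A certificate that expires while its session is still inside the reuse window forces a full handshake, which is the case the per-connection date check exists to catch.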
Technology Primer: Secure Sockets Layer (SSL)