Reverse Proxy

Presentation by: Daniel “3ICE” Berezvai


With thanks to nginx.com, nginx.org, digitalocean.com, stackoverflow.com, serverfault.com, and wikipedia.org.

A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate back-end server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

Common uses for a reverse proxy server include: load balancing, web acceleration, and security and anonymity.

Load balancing: A reverse proxy server can act as a "traffic cop," sitting in front of your back-end servers and distributing client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no one server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.

Web acceleration: Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off of your web servers, thereby boosting their performance.

Security and anonymity: By intercepting requests headed for your back-end servers, a reverse proxy server protects their identities and acts as an additional defense against security-threatening attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your LAN (local area network).

NGINX Plus and NGINX are the best-in-class reverse-proxy solutions used by high-traffic websites such as Dropbox, Netflix, Facebook, and Zynga. More than 130 million websites worldwide and over 40% of the world’s 10,000 busiest websites use NGINX Plus and NGINX to deliver content quickly and reliably. (This is a marketing statement; quite clever, but transparent to the experienced eye. Obviously most people use the free, open source NGINX.)

As a software-based reverse proxy, not only is NGINX Plus less expensive than hardware-based solutions with similar capabilities, it can be deployed in the public cloud as well as in private data centers, whereas cloud infrastructure vendors generally do not allow customer or proprietary hardware reverse proxies in their data centers. (Nothing beats free, open source nginx, of course.)

Normal proxy vs Reverse proxy

What is a proxy? Someone or something acting on behalf of someone else. In this case, a proxy server acts on behalf of another computer. There are two types: normal proxy and reverse proxy.

Normal proxy

You (client)
↓
Proxy (SOCKS, TODO what's the other one, etc.)
↓
Website (TheGreatChineseFirewall.com)

Forward Proxy: Acting on behalf of a normal user (service consumer).

Reasons why you would want to use a normal proxy server:

You are unable to access a (possibly) virus-infected website or domain, due to your system administrator (or Google) blocking it. (Usually a false positive, very annoying.)

Your employer has blocked facebook.com from the corporate network, because a lot of lazy people are checking Facebook at work. Constantly.

You are a student at an elementary school and are trying to look at porn in the library. Adult content is blocked by a filter.

The dictatorship / government in your country is unable to control the publishing of news, so it blocks access to news websites. Or Wikipedia.

You are attempting to hack target.com whose administrator has blocked you due to suspicious activity.

You are spamming forum.com and the administrator there has decided to temporarily ban your IP address and/or whole netrange.

Reverse proxy

Client → Reverse proxy → Server

You (client) → Reverse proxy (nginx, masquerading as example.com)
↓
One of their backend servers (host19.example.com)

Reverse Proxy: Acting on behalf of a service provider or content producer.

A common use case: It is often beneficial for administrators to route traffic through a gateway to several available mirrors. Direct access to a mirror is forbidden.

What's different this time compared to a normal "forward" proxy? The user is unaware of it happening. The user thinks he is communicating with example.com directly. Nowhere is it mentioned that all communication traffic is actually forwarded to host19. The mirrors are invisible to the client; only the reverse proxy is visible externally.
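
The gateway-and-mirrors setup described above, written as an nginx configuration. This is an added example, not part of the original slides; host20.example.com, port 8080, the 192.0.2.10 proxy address and the file paths are assumptions.

```nginx
# --- On the reverse proxy (public name: example.com), inside http { } ---

# The group of mirrors. host19 is from the slides; host20 is an assumed second mirror.
upstream mirrors {
    least_conn;   # send each request to the mirror with the fewest active connections
    server host19.example.com:8080 max_fails=3 fail_timeout=30s;
    server host20.example.com:8080 max_fails=3 fail_timeout=30s;
}

server {
    listen 443 ssl;
    server_name example.com;

    # TLS terminates here, taking that load off the mirrors (placeholder paths).
    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    server_tokens off;   # do not advertise the nginx version to clients

    location / {
        proxy_pass http://mirrors;

        # The mirror only sees the proxy's IP, so pass the real client along.
        # X-Forwarded-For is overwritten, not appended, because this proxy is
        # the edge: a value supplied by the client cannot be trusted.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Strip a response header that would reveal what runs behind the proxy.
        proxy_hide_header X-Powered-By;

        # If a mirror is down or erroring, retry the request on the next one.
        proxy_next_upstream error timeout http_502 http_503;
    }
}

# --- On each mirror (shown for host19) ---
server {
    listen 8080;
    server_name host19.example.com;

    # Direct access is forbidden: only the reverse proxy may connect.
    allow 192.0.2.10;    # assumed internal address of the reverse proxy
    deny  all;

    root /var/www/mirror;
}
```

The allow/deny pair on the mirror is what enforces "direct access to a mirror is forbidden"; without it, anyone who learns the host19 name can bypass the proxy and its controls.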