Within enterprise networks and corporations with increased levels of paranoia or at least some defined security requirements it is common, NOT to allow direct connections to the public internet.
-For this reason proxy-solutions are installed, to intercept ans (hopefully also) scan the traffic for potential threats within the sessions.
+For this reason proxy-solutions are installed, to intercept and (hopefully also) scan the traffic for potential threats within the sessions.
As soon as one wants to establish an encrypted connection to a server, there are three choices:
\item Intercept (i.e. terminate) the session at the proxy, scan there and re-encrypt the session towards the client.
\end{itemize}
-While the latest solution might be the most "up to date", it arises a new front in the context of this paper, because the most secure part of a client's connection could only be within the corporate network, if the proxy-server handles the connection to the destination server in an insecure manner.
+While the last solution might be the most "up to date", it arises a new front in the context of this paper, because the most secure part of a client's connection could only be within the corporate network, if the proxy-server handles the connection to the destination server in an insecure manner.
Conclusio: Don't forget to check your proxy solutions ssl-capabilities. Also do so for your reverse-proxies!
git.bettercrypto.org / ach-master.git / commitdiff