Tunneling and Proxy services for SSL based systems

Posted on 2014-03-27
Last Modified: 2014-03-28
I asked a previous question concerning what products existed for tunneling and proxy, and unfortunately I phrased it in the context of SSH.

For SSL, what products are usually used to provide these services? (I would doubt it would be a standard router or switch.)

Are there open source products that provide these services? What are some of the popular agents that provide these services?
Question by:Anthony Lucia

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39960733
You can have a reverse proxy which effectively accepts external connections and is configured to forward a specific request pattern to an internal server.

I.e. for www.yourdomain.com, companies set up a reverse proxy to mitigate/limit the attack exposure on their web server. An individual connects and makes requests; if the request matches http://www.yourdomain.com, it will be proxied to the defined server/servers (if load balanced). If it does not match, the user will get an error in response. This deals with tier separation such that the compromise of the reverse proxy server will limit the enterprise's exposure.

As far as SSL is concerned, a reverse proxy can be set up such that it is the terminating point of the SSL connection. The SSL connection is negotiated and established between the browser of the user and the reverse proxy.
The setup on the reverse proxy could still be to access the underlying web server using secure communications as well.
In this scenario, while the proxy is in the middle of the transaction, it is not seen as a man in the middle, i.e. an unauthorized entity intercepting the requests.

Could you define what it is you are looking to achieve?

SSH, VPN (SSL VPN, IPsec, OpenVPN, PPTP, L2TP, GRE, etc.): these are tunneling mechanisms or provide for a tunnel.


The short answer is Yes, there are open source tools to enable different things.
With regard to your question, I do not understand what it is you are trying to achieve which makes it nearly impossible to answer your question.

If you could provide a context, i.e. you have location A and location B, you want to be able to do X from location A while getting Y from location B.

Accepted Solution

by:btan
btan earned 250 total points
ID: 39960767
stunnel comes to mind, and even Tor Browser Bundle has an SSL tunnel (probably just the 443 port no.). Another which is commonly known is Squid,
e.g. Intercepting direct SSL/TLS connections (intercept an HTTPS connection to an origin server at Squid's https_port), or
e.g. Direct SSL/TLS connection to a reverse proxy (Squid-2.5 and later can terminate TLS or SSL connections).

There is Zeroshell, which can act as a transparent HTTP proxy but probably not as an SSL proxy.

Zeroshell uses Transparent Proxy mode which involves automatically capturing the client requests on TCP 80 port. Obviously, for Zeroshell to be able to capture these web requests, it must be configured as a network gateway, so that client Internet traffic goes through it. Zeroshell will automatically capture http requests whether this is a level 2 gateway (bridge between Ethernet, WIFI or VPN interface) or layer 3 gateway (router). It is nevertheless important to specify on which network interfaces or IP subnets these requests are to be redirected. This is done by adding so-called HTTP Capturing Rules
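
The reverse-proxy setup described in the first answer (terminate SSL at the proxy, forward only requests for the published site, keep the hop to the web server encrypted), written for Squid, which the accepted answer names. This is an added example and not part of either answer; the backend address, file paths and ACL/peer names are placeholders, and the option names are those of Squid 3.x (later releases renamed several TLS options, so check the documentation for the installed version).

```conf
# Constructed example: www.yourdomain.com is the hostname used in the thread;
# the backend address, certificate paths and the names "published_site" and
# "web_backend" are placeholders.

# Terminate the client's TLS session on the proxy (accelerator / reverse-proxy mode).
https_port 443 accel defaultsite=www.yourdomain.com \
    cert=/etc/squid/tls/www.yourdomain.com.crt \
    key=/etc/squid/tls/www.yourdomain.com.key

# Internal web server. "ssl" re-encrypts the proxy-to-backend hop, and
# sslcafile= has Squid verify the backend certificate against an internal CA
# instead of trusting whatever answers on that address.
cache_peer 10.0.0.10 parent 443 0 no-query originserver ssl \
    sslcafile=/etc/squid/tls/internal-ca.pem name=web_backend

# Forward only requests for the published site; anything else gets an error.
acl published_site dstdomain www.yourdomain.com
http_access allow published_site
http_access deny all
cache_peer_access web_backend allow published_site
cache_peer_access web_backend deny all

# The proxy never fetches from arbitrary destinations on a client's behalf:
# a request either goes to the defined backend or is refused.
never_direct allow all
```

The private key now lives on the proxy host, so that host's file permissions and patching matter as much as the web server's did before.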