Contents

Foreword

Preface

Chapter 1 Fundamentals of Secure Proxies

Security Must Protect and Empower Users

The Birth of Shadow IT

Internet of Things and Connected Consumer Appliances

Conventional Security Solutions

Traditional Firewalls: What Are Their Main Deficiencies?

Firewall with DPI: A Better Solution?

IDS/IPS and Firewall

Unified Threat Management and Next-Generation Firewall

Security Proxy—A Necessary Extension of the End Point

Transaction-Based Processing

The Proxy Architecture

SSL Proxy and Interception

Interception Strategies

Certificates and Keys

Certificate Pinning and OCSP Stapling

SSL Interception and Privacy

Summary

Chapter 2 Proxy Deployment Strategies and Challenges

Definitions of Proxy Types: Transparent Proxy and Explicit Proxy

Inline Deployment of Transparent Proxy: Physical Inline and Virtual Inline

Physical Inline Deployment

Virtual Inline Deployment

Traffic Redirection Methods: WCCP and PBR

LAN Port and WAN Port

Forward Proxy and Reverse Proxy

Challenges of Transparent Interception

Directionality of Connections

Maintaining Traffic Paths

Avoiding Interception

Asymmetric Traffic Flow Detection and Clustering

Proxy Chaining

Summary

Chapter 3 Proxy Policy Engine and Policy Enforcements

Policy System Overview

Conditions and Properties

Policy Transaction

Policy Ticket

Policy Updates and Versioning System

Security Implications

Policy System in the Cloud Security Operation

Policy Evaluation

Policy Checkpoint

Policy Execution Timing

Revisiting the Proxy Interception ...

Get Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial