Answered security concerns with reverse-proxy

  • Tuesday, 3 April 2012 15:41

    I am curious if there is a way to use pre-authentication on TMG for Lync mobility.  Our security department has concerns regarding unauthenticated access directly to our internal network (the FE server) via reverse proxy.  Does anyone know of any documents discussing these security concerns?  I am sure this has been discussed somewhere before.

All Replies

  • Tuesday, 3 April 2012 16:03
     Answered

    Hi

    The idea of the RP is that the external connections are made to TMG (for example) which then goes and collects the information requested from the BE on behalf of the user before handing it back to the external party.

    Because you are not directly publishing the server on the internet there is no un-secured traffic flowing over your internal network, only requests on behalf of the external client - this is why the header information can 'appear' to come from either TMG or the original client when sending to the internal server(s).

    I hope this helps.

    Regards

    Neil
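The behaviour Neil describes (the proxy relays only published requests on the client's behalf, and the internal server sees either the proxy's address or the original client's depending on the publishing rule) can be modelled in a few lines. The block below is an added example, not code from the thread or from TMG; the host names, addresses, URL prefixes and the `preserve_client_ip` switch are constructed assumptions standing in for a real publishing rule.

```python
# Added example (not from the thread): a pure-Python model of what a reverse
# proxy such as TMG does with an external request before it reaches the
# internal Front End. Host names, paths and addresses are constructed.

from typing import Dict, Optional

# Hop-by-hop headers belong to the client<->proxy connection and are not
# relayed upstream (RFC 7230, section 6.1).
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}
# Headers the proxy rewrites itself rather than copying from the client.
PROXY_OWNED = {"host", "x-forwarded-for"}

# Assumed publishing rule: only these URL prefixes are relayed at all;
# anything else is dropped at the proxy and never touches the internal network.
PUBLISHED_PREFIXES = ("/Autodiscover/", "/ucwa/", "/meet/", "/dialin/",
                      "/Abs/", "/GroupExpansion/")

PROXY_IP = "192.0.2.10"                # constructed: proxy internal-interface address
INTERNAL_HOST = "lyncfe.corp.example"  # constructed: internal FE / Director name


def relay_request(client_ip: str, method: str, path: str,
                  headers: Dict[str, str],
                  preserve_client_ip: bool = False) -> Optional[dict]:
    """Model the proxy's decision for one external request.

    Returns None when the path is not published (the request never reaches the
    internal network). Otherwise returns the request as the internal server
    would observe it: the TCP source address it sees and the headers it gets.
    Note that nothing here authenticates the client; the proxy only decides
    whether to relay, which is exactly the concern raised in the thread.
    """
    if not path.startswith(PUBLISHED_PREFIXES):
        return None

    lowered = {k.lower(): v for k, v in headers.items()}
    upstream = {k: v for k, v in headers.items()
                if k.lower() not in HOP_BY_HOP and k.lower() not in PROXY_OWNED}

    # Record the real client in X-Forwarded-For so the FE can log and trace it
    # even though the TCP connection itself comes from the proxy.
    prior = lowered.get("x-forwarded-for")
    upstream["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
    upstream["Host"] = INTERNAL_HOST

    return {
        "method": method,
        "path": path,
        # Source address: the proxy's own, unless the publishing rule is set to
        # make requests appear to come from the original client.
        "source_ip": client_ip if preserve_client_ip else PROXY_IP,
        "headers": upstream,
    }


if __name__ == "__main__":
    # Constructed sample request from an external mobility client.
    sample_headers = {"Host": "lyncweb.example.com", "Connection": "keep-alive",
                      "Authorization": "Bearer <token>", "User-Agent": "UCWA-client"}
    print(relay_request("203.0.113.7", "GET", "/ucwa/v1/applications", sample_headers))
    print(relay_request("203.0.113.7", "GET", "/admin/", sample_headers))  # None: not published
```

Running it shows the two halves of Neil's point: an unpublished path is answered by the proxy and never forwarded, while a published one arrives at the FE from the proxy's address with the client recorded in `X-Forwarded-For` (or from the client's address when the rule preserves it). It also makes the questioner's concern concrete: the relayed request carries the client's headers and body untouched, so the internal server is still the first component that parses unauthenticated input.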

  • Wednesday, 4 April 2012 09:25
     Answered
    If you want to add a security layer before connecting to the Back-End you have to install a Lync Director server and route all traffic from the internet to there.  The director will relay the traffic to the Front-End adding another hop.

    - Belgian Unified Communications Community : http://www.pro-lync.be -

  • Wednesday, 4 April 2012 22:40

    Hi

    The idea of the RP is that the external connections are made to TMG (for example) which then goes and collects the information requested from the BE on behalf of the user before handing it back to the external party.

    Because you are not directly publishing the server on the internet there is no un-secured traffic flowing over your internal network, only requests on behalf of the external client - this is why the header information can 'appear' to come from either TMG or the original client when sending to the internal server(s).

    I hope this helps.

    Regards

    Neil

    I think his concern is since there is no authentication done on the TMG Listener, external requests are being handled directly by the internal FE/Director server.
  • Thursday, 5 April 2012 00:20
    There is no two factor authentication or forms based authentication

    Please remember to click “Mark as Answer” if this resolved the issue.

  • Thursday, 5 April 2012 09:57
    Moderator
     Answered

    Hi,

    We always use ISA or TMG as reverse proxy for Lync server. You can create an Access rule and only allow the HTTPS, HTTP and DNS protocols for security. My reverse proxy is not a member of the domain and there is no default gateway and DNS server on my reverse proxy internal interface. A Director server is deployed for authentication before the FE server.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.