so, is the difference between a reverse proxy and a screened subnet (DMZ) is that proxy checks content and then allows the request into the internal servers, whereas the DMZ keeps the servers outside their internal intranet all along?
I believe you have this correct. A DMZ is always kept separate from the internal network whereas the reverse proxy allows controlled access to the internal network.
Proxies don't make great firewalls, and modern firewalls are much more capable than any proxy-based security filter. Some proxy-type functions are still available on modern firewalls, such as NAT and SSL/TLS decryption.
@@professormesser Does company uses a proxy instead of a modern firewall to reduce workload on the firewall? Since nowadays modern firewalls can do SSL/TLS decryption.
Clear, concise content. Thanks Professor
so, is the difference between a reverse proxy and a screened subnet (DMZ) is that proxy checks content and then allows the request into the internal servers, whereas the DMZ keeps the servers outside their internal intranet all along?
I believe you have this correct. A DMZ is always kept separate from the internal network whereas the reverse proxy allows controlled access to the internal network.
Thank you for this helpful video.
I guess I’m just not fully understanding why this whole proxy thing can’t be a part of the firewall. Seems like it can be integrated into firewall.
Proxies don't make great firewalls, and modern firewalls are much more capable than any proxy-based security filter. Some proxy-type functions are still available on modern firewalls, such as NAT and SSL/TLS decryption.
@@professormesser Does company uses a proxy instead of a modern firewall to reduce workload on the firewall? Since nowadays modern firewalls can do SSL/TLS decryption.
1:37